Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-44432 (GCVE-0-2026-44432)
Vulnerability from cvelistv5 – Published: 2026-05-13 15:17 – Updated: 2026-07-02 12:04- CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
| Vendor | Product | Version | |
|---|---|---|---|
| urllib3 | urllib3 |
Affected:
>= 2.6.0, < 2.7.0
|
|
| Red Hat | Red Hat Ansible Automation Platform 2.6 for RHEL 9 |
cpe:/a:redhat:ansible_automation_platform:2.6::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9 |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 10) |
cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 8) |
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 9) |
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux BaseOS (v. 10) |
cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux BaseOS (v. 9) |
cpe:/o:redhat:enterprise_linux:9::baseos |
|
| Red Hat | Red Hat AI Inference Server 3.3 |
cpe:/a:redhat:ai_inference_server:3.3::el9 |
|
| Red Hat | Red Hat AI Inference Server 3.4 |
cpe:/a:redhat:ai_inference_server:3.4::el9 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.6 |
cpe:/a:redhat:ansible_automation_platform:2.6::el9 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.7 |
cpe:/a:redhat:ansible_automation_platform:2.7::el9 |
|
| Red Hat | Red Hat Discovery 2 |
cpe:/a:redhat:discovery:2::el9 |
|
| Red Hat | Red Hat Hardened Images |
cpe:/a:redhat:hummingbird:1 |
|
| Red Hat | Red Hat Quay 3.10 |
cpe:/a:redhat:quay:3.10::el8 |
|
| Red Hat | Red Hat Quay 3.12 |
cpe:/a:redhat:quay:3.12::el8 |
|
| Red Hat | Red Hat Quay 3.9 |
cpe:/a:redhat:quay:3.9::el8 |
|
| Red Hat | Red Hat Satellite 6.18 |
cpe:/a:redhat:satellite:6.18::el9 |
|
| Red Hat | Red Hat Satellite 6.19 |
cpe:/a:redhat:satellite:6.19::el9 |
|
| Red Hat | Red Hat Trusted Artifact Signer 1.3 |
cpe:/a:redhat:trusted_artifact_signer:1.3::el9 |
|
| Red Hat | Red Hat Trusted Artifact Signer 1.4 |
cpe:/a:redhat:trusted_artifact_signer:1.4::el9 |
|
| Red Hat | Migration Toolkit for Applications 8 |
cpe:/a:redhat:migration_toolkit_applications:8 |
|
| Red Hat | OpenShift Lightspeed |
cpe:/a:redhat:openshift_lightspeed |
|
| Red Hat | Pen Drive Powered by Red Hat Lightspeed |
cpe:/a:redhat:pdrive_lightspeed:0 |
|
| Red Hat | Red Hat AI Inference Server |
cpe:/a:redhat:ai_inference_server:3 |
|
| Red Hat | Red Hat Ansible Automation Platform 2 |
cpe:/a:redhat:ansible_automation_platform:2 |
|
| Red Hat | Red Hat OpenShift AI (RHOAI) |
cpe:/a:redhat:openshift_ai |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat Quay 3 |
cpe:/a:redhat:quay:3 |
|
| Red Hat | Red Hat Satellite 6 |
cpe:/a:redhat:satellite:6 |
|
| Red Hat | Service Telemetry Framework 1.5 |
cpe:/a:redhat:stf:1.5 |
|
| Red Hat | Exploit Intelligence |
cpe:/a:redhat:exploit_intelligence:0 |
|
| Red Hat | External Secrets Operator for Red Hat OpenShift |
cpe:/a:redhat:external_secrets_operator:1 |
|
| Red Hat | Migration Toolkit for Containers |
cpe:/a:redhat:rhmt:1 |
|
| Red Hat | Migration Toolkit for Virtualization |
cpe:/a:redhat:migration_toolkit_virtualization:2 |
|
| Red Hat | OpenShift Service Mesh 3 |
cpe:/a:redhat:service_mesh:3 |
|
| Red Hat | Red Hat build of Quarkus Native builder |
cpe:/a:redhat:quarkus:3 |
|
| Red Hat | Red Hat Developer Hub |
cpe:/a:redhat:rhdh:1 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat Enterprise Linux AI (RHEL AI) 3 |
cpe:/a:redhat:enterprise_linux_ai:3 |
|
| Red Hat | Red Hat OpenShift Virtualization 4 |
cpe:/a:redhat:container_native_virtualization:4 |
|
| Red Hat | Red Hat OpenStack Platform 17.1 |
cpe:/a:redhat:openstack:17.1 |
|
| Red Hat | Red Hat Update Infrastructure 4 for Cloud Providers |
cpe:/a:redhat:rhui:4::el8 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44432",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T18:17:39.119999Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T18:25:06.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ai_inference_server:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat AI Inference Server 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ai_inference_server:3.4::el9"
],
"defaultStatus": "affected",
"product": "Red Hat AI Inference Server 3.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.7::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:discovery:2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Discovery 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.12::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.19::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Artifact Signer 1.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1.4::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Artifact Signer 1.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_applications:8"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Applications 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_lightspeed"
],
"defaultStatus": "affected",
"product": "OpenShift Lightspeed",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:pdrive_lightspeed:0"
],
"defaultStatus": "affected",
"product": "Pen Drive Powered by Red Hat Lightspeed",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ai_inference_server:3"
],
"defaultStatus": "affected",
"product": "Red Hat AI Inference Server",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:stf:1.5"
],
"defaultStatus": "affected",
"product": "Service Telemetry Framework 1.5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:exploit_intelligence:0"
],
"defaultStatus": "unaffected",
"product": "Exploit Intelligence",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:external_secrets_operator:1"
],
"defaultStatus": "unaffected",
"product": "External Secrets Operator for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhmt:1"
],
"defaultStatus": "unaffected",
"product": "Migration Toolkit for Containers",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_virtualization:2"
],
"defaultStatus": "unaffected",
"product": "Migration Toolkit for Virtualization",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quarkus:3"
],
"defaultStatus": "unaffected",
"product": "Red Hat build of Quarkus Native builder",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Developer Hub",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:17.1"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenStack Platform 17.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhui:4::el8"
],
"defaultStatus": "unaffected",
"product": "Red Hat Update Infrastructure 4 for Cloud Providers",
"vendor": "Red Hat"
}
],
"datePublic": "2026-05-13T15:17:12.611Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-409",
"description": "Improper Handling of Highly Compressed Data (Data Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T12:04:45.067Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"name": "RHBZ#2477154",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44432.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34160"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:27929"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:32992"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28159"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28157"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28000"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28158"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30078"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30089"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30088"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30087"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24542"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24540"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24544"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24541"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34374"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25928"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20338"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25039"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7634"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24069"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25143"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24014"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24374"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7625"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24000"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24009"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22934"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:15862"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33683"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30076"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28571"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26304"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26212"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34607"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34531"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34526"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34533"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24476"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24483"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:34160: Red Hat Ansible Automation Platform 2.6 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:27929: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:32992: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:28159: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:28157: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:28000: Red Hat Enterprise Linux BaseOS (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:28158: Red Hat Enterprise Linux BaseOS (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:30078: Red Hat AI Inference Server 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:30089: Red Hat AI Inference Server 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:30088: Red Hat AI Inference Server 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:30087: Red Hat AI Inference Server 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:24542: Red Hat AI Inference Server 3.4"
},
{
"lang": "en",
"value": "RHSA-2026:24540: Red Hat AI Inference Server 3.4"
},
{
"lang": "en",
"value": "RHSA-2026:24544: Red Hat AI Inference Server 3.4"
},
{
"lang": "en",
"value": "RHSA-2026:24541: Red Hat AI Inference Server 3.4"
},
{
"lang": "en",
"value": "RHSA-2026:34374: Red Hat Ansible Automation Platform 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:25928: Red Hat Ansible Automation Platform 2.7"
},
{
"lang": "en",
"value": "RHSA-2026:20338: Red Hat Discovery 2"
},
{
"lang": "en",
"value": "RHSA-2026:33313: Red Hat Discovery 2"
},
{
"lang": "en",
"value": "RHSA-2026:25039: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:7634: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:24069: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:25143: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:24014: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:24374: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:7625: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:24000: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:24009: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:22934: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:15862: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:33683: Red Hat Quay 3.10"
},
{
"lang": "en",
"value": "RHSA-2026:30076: Red Hat Quay 3.12"
},
{
"lang": "en",
"value": "RHSA-2026:28571: Red Hat Quay 3.9"
},
{
"lang": "en",
"value": "RHSA-2026:26304: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:26212: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:34607: Red Hat Satellite 6.19"
},
{
"lang": "en",
"value": "RHSA-2026:34531: Red Hat Satellite 6.19"
},
{
"lang": "en",
"value": "RHSA-2026:34526: Red Hat Satellite 6.19"
},
{
"lang": "en",
"value": "RHSA-2026:34533: Red Hat Satellite 6.19"
},
{
"lang": "en",
"value": "RHSA-2026:24476: Red Hat Trusted Artifact Signer 1.3"
},
{
"lang": "en",
"value": "RHSA-2026:24483: Red Hat Trusted Artifact Signer 1.4"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-13T17:01:01.083Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-13T15:17:12.611Z",
"value": "Made public."
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "urllib3",
"vendor": "urllib3",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.6.0, \u003c 2.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) when HTTPResponse.drain_conn() was called after the response had been read and decompressed partially (compression algorithm did not matter here). These issues could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This could result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data) on the client side. This vulnerability is fixed in 2.7.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-409",
"description": "CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T15:17:12.611Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"source": {
"advisory": "GHSA-mf9v-mfxr-j63j",
"discovery": "UNKNOWN"
},
"title": "urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44432",
"datePublished": "2026-05-13T15:17:12.611Z",
"dateReserved": "2026-05-06T14:40:00.954Z",
"dateUpdated": "2026-07-02T12:04:45.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-44432",
"date": "2026-07-05",
"epss": "0.0068",
"percentile": "0.47917"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-44432\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-13T16:16:57.303\",\"lastModified\":\"2026-07-02T12:17:22.150\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) when HTTPResponse.drain_conn() was called after the response had been read and decompressed partially (compression algorithm did not matter here). These issues could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This could result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data) on the client side. This vulnerability is fixed in 2.7.0.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"urllib3\",\"product\":\"urllib3\",\"versions\":[{\"version\":\"\u003e= 2.6.0, \u003c 2.7.0\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.6 for RHEL 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.6::el9\",\"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:8::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux BaseOS (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux BaseOS (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:9::baseos\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat AI Inference Server 3.3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ai_inference_server:3.3::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat AI Inference Server 3.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ai_inference_server:3.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.6::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.7\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.7::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Discovery 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:discovery:2::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Hardened Images\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:hummingbird:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.10::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.12\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.12::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.9::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6.18\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:satellite:6.18::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6.19\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:satellite:6.19::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Trusted Artifact Signer 1.3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:trusted_artifact_signer:1.3::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Trusted Artifact Signer 1.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:trusted_artifact_signer:1.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Migration Toolkit for Applications 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:migration_toolkit_applications:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Lightspeed\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_lightspeed\"]},{\"vendor\":\"Red Hat\",\"product\":\"Pen Drive Powered by Red Hat Lightspeed\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:pdrive_lightspeed:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat AI Inference Server\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ai_inference_server:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI (RHOAI)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:satellite:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"Service Telemetry Framework 1.5\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:stf:1.5\"]},{\"vendor\":\"Red Hat\",\"product\":\"Exploit Intelligence\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:exploit_intelligence:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"External Secrets Operator for Red Hat OpenShift\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:external_secrets_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Migration Toolkit for Containers\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:rhmt:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Migration Toolkit for Virtualization\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:migration_toolkit_virtualization:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Service Mesh 3\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat build of Quarkus Native builder\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:quarkus:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Developer Hub\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:rhdh:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 10\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 6\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 7\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AI (RHEL AI) 3\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux_ai:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Virtualization 4\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:container_native_virtualization:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack Platform 17.1\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:openstack:17.1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Update Infrastructure 4 for Cloud Providers\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:rhui:4::el8\"]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.9,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-05-15T18:17:39.119999Z\",\"id\":\"CVE-2026-44432\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-409\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-409\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:urllib3:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6.0\",\"versionEndExcluding\":\"2.7.0\",\"matchCriteriaId\":\"2B9D0BE5-DF70-4B46-8128-324E04104B1B\"}]}]}],\"references\":[{\"url\":\"https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:15862\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20338\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22934\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24000\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24009\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24014\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24069\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24374\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24476\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24483\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24540\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24541\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24542\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24544\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25039\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25143\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25928\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26212\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26304\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:27929\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28000\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28157\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28158\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28159\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28571\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:30076\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:30078\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:30087\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:30088\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:30089\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:32992\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33313\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33683\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34160\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34374\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34526\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34531\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34533\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34607\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7625\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7634\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-44432\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2477154\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44432.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"urllib3: urllib3: Denial of Service due to excessive HTTP response decompression\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 10)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 8)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 9)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux BaseOS (v. 10)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux BaseOS (v. 9)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ai_inference_server:3.3::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat AI Inference Server 3.3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ai_inference_server:3.4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat AI Inference Server 3.4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2.7::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.7\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:discovery:2::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Discovery 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:hummingbird:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Hardened Images\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.10::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.10\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.12::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.12\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.9::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6.18::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6.18\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:trusted_artifact_signer:1.3::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Trusted Artifact Signer 1.3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:trusted_artifact_signer:1.4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Trusted Artifact Signer 1.4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:migration_toolkit_applications:8\"], \"vendor\": \"Red Hat\", \"product\": \"Migration Toolkit for Applications 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_lightspeed\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Lightspeed\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:pdrive_lightspeed:0\"], \"vendor\": \"Red Hat\", \"product\": \"Pen Drive Powered by Red Hat Lightspeed\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ai_inference_server:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat AI Inference Server\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_ai\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI (RHOAI)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:stf:1.5\"], \"vendor\": \"Red Hat\", \"product\": \"Service Telemetry Framework 1.5\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:exploit_intelligence:0\"], \"vendor\": \"Red Hat\", \"product\": \"Exploit Intelligence\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:external_secrets_operator:1\"], \"vendor\": \"Red Hat\", \"product\": \"External Secrets Operator for Red Hat OpenShift\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:rhmt:1\"], \"vendor\": \"Red Hat\", \"product\": \"Migration Toolkit for Containers\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:migration_toolkit_virtualization:2\"], \"vendor\": \"Red Hat\", \"product\": \"Migration Toolkit for Virtualization\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Service Mesh 3\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:quarkus:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat build of Quarkus Native builder\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:rhdh:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Developer Hub\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 6\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux_ai:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AI (RHEL AI) 3\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:container_native_virtualization:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Virtualization 4\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:openstack:17.1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenStack Platform 17.1\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:rhui:4::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Update Infrastructure 4 for Cloud Providers\", \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-05-13T17:01:01.083Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-05-13T15:17:12.611Z\", \"value\": \"Made public.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"RHSA-2026:27929: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:32992: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28159: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28157: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28000: Red Hat Enterprise Linux BaseOS (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28158: Red Hat Enterprise Linux BaseOS (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:30078: Red Hat AI Inference Server 3.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:30089: Red Hat AI Inference Server 3.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:30088: Red Hat AI Inference Server 3.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:30087: Red Hat AI Inference Server 3.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24542: Red Hat AI Inference Server 3.4\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24540: Red Hat AI Inference Server 3.4\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24544: Red Hat AI Inference Server 3.4\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24541: Red Hat AI Inference Server 3.4\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:25928: Red Hat Ansible Automation Platform 2.7\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:20338: Red Hat Discovery 2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33313: Red Hat Discovery 2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:25039: Red Hat Hardened Images\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7634: Red Hat Hardened Images\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24069: Red Hat Hardened Images\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:25143: Red Hat Hardened Images\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24014: Red Hat Hardened Images\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24374: Red Hat Hardened Images\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7625: Red Hat Hardened Images\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24000: Red Hat Hardened Images\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24009: Red Hat Hardened Images\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22934: Red Hat Hardened Images\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:15862: Red Hat Hardened Images\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33683: Red Hat Quay 3.10\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:30076: Red Hat Quay 3.12\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28571: Red Hat Quay 3.9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:26304: Red Hat Satellite 6.18\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:26212: Red Hat Satellite 6.18\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24476: Red Hat Trusted Artifact Signer 1.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24483: Red Hat Trusted Artifact Signer 1.4\"}], \"x_adpType\": \"supplier\", \"datePublic\": \"2026-05-13T15:17:12.611Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2026-44432\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2477154\", \"name\": \"RHBZ#2477154\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44432.json\", \"tags\": [\"x_sadp-csaf-vex\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:27929\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:32992\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28159\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28157\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28000\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28158\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:30078\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:30089\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:30088\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:30087\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24542\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24540\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24544\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24541\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:25928\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:20338\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33313\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:25039\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7634\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24069\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:25143\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24014\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24374\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7625\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24000\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24009\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22934\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:15862\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33683\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:30076\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28571\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:26304\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:26212\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24476\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24483\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}], \"x_generator\": {\"engine\": \"sadp-cli 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-409\", \"description\": \"Improper Handling of Highly Compressed Data (Data Amplification)\"}]}], \"providerMetadata\": {\"orgId\": \"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\", \"shortName\": \"redhat-SADP\", \"dateUpdated\": \"2026-07-01T12:05:03.455Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-44432\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-15T18:17:39.119999Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-15T18:25:01.877Z\"}}], \"cna\": {\"title\": \"urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API\", \"source\": {\"advisory\": \"GHSA-mf9v-mfxr-j63j\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"urllib3\", \"product\": \"urllib3\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 2.6.0, \u003c 2.7.0\"}]}], \"references\": [{\"url\": \"https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\", \"name\": \"https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) when HTTPResponse.drain_conn() was called after the response had been read and decompressed partially (compression algorithm did not matter here). These issues could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This could result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data) on the client side. This vulnerability is fixed in 2.7.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-409\", \"description\": \"CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-13T15:17:12.611Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-44432\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-01T12:05:03.455Z\", \"dateReserved\": \"2026-05-06T14:40:00.954Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-05-13T15:17:12.611Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:25143
Vulnerability from csaf_redhat - Published: 2026-06-10 22:32 - Updated: 2026-07-02 05:40A flaw was found in MariaDB. During a State Snapshot Transfer (SST), the donor node improperly validates parameters sent by a joiner node. This vulnerability allows a malicious joiner to execute arbitrary shell commands on the donor server through the mariabackup SST method. This could lead to a complete compromise of the donor system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the `SHOW CREATE ROUTINE` privilege, potentially exposing sensitive routine logic. This vulnerability allows for unauthorized access to routine definitions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in MariaDB server. When the CONNECT engine is installed and REST support is enabled on Windows, a user can exploit improper sanitization of the table HTTP attribute. This attribute is interpolated into the curl command line, allowing for arbitrary shell command execution on the server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in MariaDB's mbstream utility. This vulnerability allows a highly privileged local attacker, who can provide a specially crafted archive, to create files outside of the intended target directory. This is due to mbstream not properly validating paths containing directory traversal sequences (e.g., "/../") during archive unpacking. Successful exploitation could lead to unauthorized file creation, potentially impacting system integrity or availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in MariaDB server. This vulnerability allows a low-privileged authenticated user to bypass a security control that normally restricts file operations. Specifically, the system failed to verify the necessary 'FILE' privilege when certain 'SELECT' statements, which write data to files, were executed with subqueries in their 'FROM' clause. This could enable an attacker to write unauthorized files to the server's file system, potentially leading to the disclosure of sensitive information or a denial of service by corrupting or filling disk space.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in MariaDB server. During the State Snapshot Transfer (SST) process, a malicious joiner node could exploit improper parameter validation on the donor node. This vulnerability, specifically within the rsync SST method, allows the malicious joiner to execute arbitrary shell commands on the donor server, leading to potential compromise of the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in MariaDB server. A high-privileged MariaDB user could exploit this vulnerability by manipulating specific global system variables, namely wsrep_sst_receive_address or wsrep_sst_donor. This manipulation could allow the user to execute arbitrary shell commands as the user ID of the mariadbd process on a galera joiner node. The primary impact of this flaw is arbitrary code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in MariaDB server. When the `wsrep_notify_cmd` feature is enabled, a remote attacker could exploit this vulnerability by embedding shell commands in the name of a joiner node. This could lead to arbitrary code execution on the server, allowing the attacker to take full control of the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:mariadb11-8-main@x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\nmariadb11.8:\n * mariadb-11.8.8-1.hum1 (aarch64, x86_64)\n * mariadb-backup-11.8.8-1.hum1 (aarch64, x86_64)\n * mariadb-client-utils-11.8.8-1.hum1 (noarch)\n * mariadb-common-11.8.8-1.hum1 (noarch)\n * mariadb-connect-engine-11.8.8-1.hum1 (aarch64, x86_64)\n * mariadb-cracklib-password-check-11.8.8-1.hum1 (aarch64, x86_64)\n * mariadb-devel-11.8.8-1.hum1 (aarch64, x86_64)\n * mariadb-embedded-11.8.8-1.hum1 (aarch64, x86_64)\n * mariadb-embedded-devel-11.8.8-1.hum1 (aarch64, x86_64)\n * mariadb-errmsg-11.8.8-1.hum1 (noarch)\n * mariadb-gssapi-server-11.8.8-1.hum1 (aarch64, x86_64)\n * mariadb-oqgraph-engine-11.8.8-1.hum1 (aarch64, x86_64)\n * mariadb-pam-11.8.8-1.hum1 (aarch64, x86_64)\n * mariadb-rocksdb-engine-11.8.8-1.hum1 (x86_64)\n * mariadb-s3-engine-11.8.8-1.hum1 (aarch64, x86_64)\n * mariadb-server-11.8.8-1.hum1 (aarch64, x86_64)\n * mariadb-server-galera-11.8.8-1.hum1 (aarch64, x86_64)\n * mariadb-server-utils-11.8.8-1.hum1 (noarch)\n * mariadb-sphinx-engine-11.8.8-1.hum1 (aarch64, x86_64)\n * mariadb-test-11.8.8-1.hum1 (aarch64, x86_64)\n * mariadb11.8-11.8.8-1.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:25143",
"url": "https://access.redhat.com/errata/RHSA-2026:25143"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-49261",
"url": "https://access.redhat.com/security/cve/CVE-2026-49261"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44169",
"url": "https://access.redhat.com/security/cve/CVE-2026-44169"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44168",
"url": "https://access.redhat.com/security/cve/CVE-2026-44168"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44171",
"url": "https://access.redhat.com/security/cve/CVE-2026-44171"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44170",
"url": "https://access.redhat.com/security/cve/CVE-2026-44170"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48163",
"url": "https://access.redhat.com/security/cve/CVE-2026-48163"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48165",
"url": "https://access.redhat.com/security/cve/CVE-2026-48165"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44173",
"url": "https://access.redhat.com/security/cve/CVE-2026-44173"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_25143.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-07-02T05:40:16+00:00",
"generator": {
"date": "2026-07-02T05:40:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:25143",
"initial_release_date": "2026-06-10T22:32:43+00:00",
"revision_history": [
{
"date": "2026-06-10T22:32:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-24T12:18:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-02T05:40:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "mariadb11-8-main@aarch64",
"product": {
"name": "mariadb11-8-main@aarch64",
"product_id": "mariadb11-8-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mariadb@11.8.8-1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "mariadb11-8-main@x86_64",
"product": {
"name": "mariadb11-8-main@x86_64",
"product_id": "mariadb11-8-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mariadb@11.8.8-1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "mariadb11-8-main@noarch",
"product": {
"name": "mariadb11-8-main@noarch",
"product_id": "mariadb11-8-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mariadb-client-utils@11.8.8-1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "mariadb11-8-main@src",
"product": {
"name": "mariadb11-8-main@src",
"product_id": "mariadb11-8-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mariadb11.8@11.8.8-1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mariadb11-8-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:mariadb11-8-main@aarch64"
},
"product_reference": "mariadb11-8-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mariadb11-8-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:mariadb11-8-main@noarch"
},
"product_reference": "mariadb11-8-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mariadb11-8-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:mariadb11-8-main@src"
},
"product_reference": "mariadb11-8-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mariadb11-8-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:mariadb11-8-main@x86_64"
},
"product_reference": "mariadb11-8-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44168",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-06-12T18:01:00.657144+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488450"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in MariaDB. During a State Snapshot Transfer (SST), the donor node improperly validates parameters sent by a joiner node. This vulnerability allows a malicious joiner to execute arbitrary shell commands on the donor server through the mariabackup SST method. This could lead to a complete compromise of the donor system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mariadb: Arbitrary Code Execution via improper parameter validation during State Snapshot Transfer",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important vulnerability in MariaDB where a malicious joiner can execute arbitrary shell commands on a donor node during a State Snapshot Transfer (SST) due to improper parameter validation. While requiring high privileges and high attack complexity, successful exploitation could lead to a complete compromise of the donor system in MariaDB deployments configured for clustering with SST.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44168"
},
{
"category": "external",
"summary": "RHBZ#2488450",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488450"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44168",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44168"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44168",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44168"
},
{
"category": "external",
"summary": "https://github.com/MariaDB/server/security/advisories/GHSA-vwf7-w26c-9w5h",
"url": "https://github.com/MariaDB/server/security/advisories/GHSA-vwf7-w26c-9w5h"
},
{
"category": "external",
"summary": "https://jira.mariadb.org/browse/MDEV-39413",
"url": "https://jira.mariadb.org/browse/MDEV-39413"
}
],
"release_date": "2026-06-12T17:31:26.921000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T22:32:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25143"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mariadb: Arbitrary Code Execution via improper parameter validation during State Snapshot Transfer"
},
{
"cve": "CVE-2026-44169",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"discovery_date": "2026-06-12T18:01:57.787745+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488467"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the `SHOW CREATE ROUTINE` privilege, potentially exposing sensitive routine logic. This vulnerability allows for unauthorized access to routine definitions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mariadb: MariaDB server: Information disclosure of stored routine definitions due to insufficient privilege check",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate: MariaDB server, as shipped in Red Hat products, is affected by an information disclosure flaw. A user granted EXECUTE access to a stored routine through a role can view the routine\u0027s definition without possessing the SHOW CREATE ROUTINE privilege. This is considered Moderate as it requires existing privileges and only exposes routine logic, not arbitrary code execution or data manipulation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44169"
},
{
"category": "external",
"summary": "RHBZ#2488467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44169",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44169"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44169",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44169"
},
{
"category": "external",
"summary": "https://github.com/MariaDB/server/security/advisories/GHSA-22xq-vq3f-87x2",
"url": "https://github.com/MariaDB/server/security/advisories/GHSA-22xq-vq3f-87x2"
},
{
"category": "external",
"summary": "https://jira.mariadb.org/browse/MDEV-39288",
"url": "https://jira.mariadb.org/browse/MDEV-39288"
}
],
"release_date": "2026-06-12T17:31:53.344000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T22:32:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25143"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mariadb: MariaDB server: Information disclosure of stored routine definitions due to insufficient privilege check"
},
{
"cve": "CVE-2026-44170",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-06-12T18:01:03.632525+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488451"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in MariaDB server. When the CONNECT engine is installed and REST support is enabled on Windows, a user can exploit improper sanitization of the table HTTP attribute. This attribute is interpolated into the curl command line, allowing for arbitrary shell command execution on the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mariadb: Arbitrary shell command execution via improper sanitization in CONNECT engine",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: This flaw in the MariaDB CONNECT engine, which permits arbitrary shell command execution, is specific to MariaDB installations on Windows with REST support enabled. Red Hat\u0027s MariaDB deployments on Linux are not directly affected by this particular vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44170"
},
{
"category": "external",
"summary": "RHBZ#2488451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44170",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44170"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44170",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44170"
},
{
"category": "external",
"summary": "https://github.com/MariaDB/server/security/advisories/GHSA-f835-cfjq-wf73",
"url": "https://github.com/MariaDB/server/security/advisories/GHSA-f835-cfjq-wf73"
},
{
"category": "external",
"summary": "https://jira.mariadb.org/browse/MDEV-39289",
"url": "https://jira.mariadb.org/browse/MDEV-39289"
}
],
"release_date": "2026-06-12T17:30:15.405000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T22:32:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25143"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mariadb: Arbitrary shell command execution via improper sanitization in CONNECT engine"
},
{
"cve": "CVE-2026-44171",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-06-12T18:01:09.753065+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488453"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in MariaDB\u0027s mbstream utility. This vulnerability allows a highly privileged local attacker, who can provide a specially crafted archive, to create files outside of the intended target directory. This is due to mbstream not properly validating paths containing directory traversal sequences (e.g., \"/../\") during archive unpacking. Successful exploitation could lead to unauthorized file creation, potentially impacting system integrity or availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mariadb: mbstream: Unauthorized file creation via path traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate vulnerability in MariaDB\u0027s mbstream utility could allow a highly privileged local attacker to create arbitrary files outside of the designated target directory. By providing a specially crafted archive, an attacker could exploit a path traversal flaw during archive unpacking, potentially impacting the integrity and availability of Red Hat systems utilizing MariaDB.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44171"
},
{
"category": "external",
"summary": "RHBZ#2488453",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488453"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44171",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44171"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44171",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44171"
},
{
"category": "external",
"summary": "https://github.com/MariaDB/server/security/advisories/GHSA-9pjh-5hhw-65v9",
"url": "https://github.com/MariaDB/server/security/advisories/GHSA-9pjh-5hhw-65v9"
},
{
"category": "external",
"summary": "https://jira.mariadb.org/browse/MDEV-39408",
"url": "https://jira.mariadb.org/browse/MDEV-39408"
}
],
"release_date": "2026-06-12T17:33:27.365000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T22:32:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25143"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mariadb: mbstream: Unauthorized file creation via path traversal"
},
{
"cve": "CVE-2026-44173",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"discovery_date": "2026-06-12T18:01:36.157284+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488460"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in MariaDB server. This vulnerability allows a low-privileged authenticated user to bypass a security control that normally restricts file operations. Specifically, the system failed to verify the necessary \u0027FILE\u0027 privilege when certain \u0027SELECT\u0027 statements, which write data to files, were executed with subqueries in their \u0027FROM\u0027 clause. This could enable an attacker to write unauthorized files to the server\u0027s file system, potentially leading to the disclosure of sensitive information or a denial of service by corrupting or filling disk space.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mariadb: MariaDB: Privilege bypass allows unauthorized file write via subqueries",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in MariaDB server that allows a low-privileged authenticated database user to bypass the \u0027FILE\u0027 privilege check. By crafting specific `SELECT ... INTO OUTFILE` or `SELECT ... INTO DUMPFILE` statements with subqueries, an attacker can write arbitrary files to the server\u0027s file system. This could lead to data corruption, information disclosure, or a denial of service on affected Red Hat products where MariaDB is deployed.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44173"
},
{
"category": "external",
"summary": "RHBZ#2488460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488460"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44173",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44173"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44173",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44173"
},
{
"category": "external",
"summary": "https://github.com/MariaDB/server/security/advisories/GHSA-667j-m53j-wpmc",
"url": "https://github.com/MariaDB/server/security/advisories/GHSA-667j-m53j-wpmc"
},
{
"category": "external",
"summary": "https://jira.mariadb.org/browse/MDEV-39493",
"url": "https://jira.mariadb.org/browse/MDEV-39493"
}
],
"release_date": "2026-06-12T17:34:30.301000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T22:32:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25143"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mariadb: MariaDB: Privilege bypass allows unauthorized file write via subqueries"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T22:32:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25143"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
},
{
"cve": "CVE-2026-48163",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-06-12T18:01:12.767000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488454"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in MariaDB server. During the State Snapshot Transfer (SST) process, a malicious joiner node could exploit improper parameter validation on the donor node. This vulnerability, specifically within the rsync SST method, allows the malicious joiner to execute arbitrary shell commands on the donor server, leading to potential compromise of the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mariadb: Arbitrary code execution via improper parameter validation during SST",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in MariaDB server allows for arbitrary shell command execution on a donor node during the State Snapshot Transfer (SST) process when using the rsync method. A malicious joiner node can exploit improper parameter validation to compromise the donor system. This risk is present in Red Hat environments where MariaDB replication is configured with rsync-based SST and an attacker can introduce a rogue joiner.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48163"
},
{
"category": "external",
"summary": "RHBZ#2488454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48163",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48163"
},
{
"category": "external",
"summary": "https://github.com/MariaDB/server/security/advisories/GHSA-rpgv-q6gv-684r",
"url": "https://github.com/MariaDB/server/security/advisories/GHSA-rpgv-q6gv-684r"
},
{
"category": "external",
"summary": "https://jira.mariadb.org/browse/MDEV-39648",
"url": "https://jira.mariadb.org/browse/MDEV-39648"
}
],
"release_date": "2026-06-12T17:34:57.923000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T22:32:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25143"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mariadb: Arbitrary code execution via improper parameter validation during SST"
},
{
"cve": "CVE-2026-48165",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-06-12T18:01:28.777552+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488458"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in MariaDB server. A high-privileged MariaDB user could exploit this vulnerability by manipulating specific global system variables, namely wsrep_sst_receive_address or wsrep_sst_donor. This manipulation could allow the user to execute arbitrary shell commands as the user ID of the mariadbd process on a galera joiner node. The primary impact of this flaw is arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mariadb: Arbitrary code execution via global system variable manipulation by a high-privileged user",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in MariaDB server allows a high-privileged database user to achieve arbitrary code execution on a Galera joiner node. By manipulating specific global system variables, an attacker can execute shell commands as the mariadbd process user, significantly escalating privileges within the system. This risk is present in Red Hat products utilizing MariaDB with Galera Cluster deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48165"
},
{
"category": "external",
"summary": "RHBZ#2488458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488458"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48165",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48165"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48165",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48165"
},
{
"category": "external",
"summary": "https://github.com/MariaDB/server/security/advisories/GHSA-7v3p-h23x-8hwv",
"url": "https://github.com/MariaDB/server/security/advisories/GHSA-7v3p-h23x-8hwv"
},
{
"category": "external",
"summary": "https://jira.mariadb.org/browse/MDEV-39676",
"url": "https://jira.mariadb.org/browse/MDEV-39676"
}
],
"release_date": "2026-06-12T17:35:16.918000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T22:32:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25143"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mariadb: Arbitrary code execution via global system variable manipulation by a high-privileged user"
},
{
"cve": "CVE-2026-49261",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-06-11T18:01:07.126304+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487957"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in MariaDB server. When the `wsrep_notify_cmd` feature is enabled, a remote attacker could exploit this vulnerability by embedding shell commands in the name of a joiner node. This could lead to arbitrary code execution on the server, allowing the attacker to take full control of the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mariadb: MariaDB Server: Arbitrary code execution via wsrep_notify_cmd",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has assessed this vulnerability as Important. Exploitation requires the `wsrep_notify_cmd` server variable to be explicitly set to a notification script by the administrator. This variable is empty by default in the upstream configuration, and Red Hat\u0027s shipped Galera configuration additionally defaults to `wsrep_on=0`. Additionally, the attacker must stand up a MariaDB/Galera node that is accepted into the cluster membership view in order to inject a malicious node name.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-49261"
},
{
"category": "external",
"summary": "RHBZ#2487957",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487957"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-49261",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-49261"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-49261",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49261"
},
{
"category": "external",
"summary": "https://github.com/MariaDB/server/security/advisories/GHSA-3p3m-4x7c-p4pw",
"url": "https://github.com/MariaDB/server/security/advisories/GHSA-3p3m-4x7c-p4pw"
},
{
"category": "external",
"summary": "https://jira.mariadb.org/browse/MDEV-39721",
"url": "https://jira.mariadb.org/browse/MDEV-39721"
}
],
"release_date": "2026-06-11T17:13:20.776000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T22:32:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25143"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mariadb: MariaDB Server: Arbitrary code execution via wsrep_notify_cmd"
}
]
}
RHSA-2026:25928
Vulnerability from csaf_redhat - Published: 2026-06-15 08:51 - Updated: 2026-07-06 05:56A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth (Open Authorization) access token before a user logs out, they can continue to authenticate and access sensitive data. This is because the application fails to invalidate the token on the backend, leaving it valid until its natural expiration. This can lead to unauthorized read access to Ansible resources such as inventories, playbooks, and configuration data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64 | — |
Workaround
|
A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64 | — |
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64 | — |
A flaw was found in PyJWT, a Python library for JSON Web Token (JWT) implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys (JWK) in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer's public key as the secret key for the HMAC algorithm, leading to the ability to forge JWTs. This vulnerability can result in authentication bypass or unauthorized access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Ansible Automation Platform 2.7",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.\n\nFor details about this release, refer to the release notes listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:25928",
"url": "https://access.redhat.com/errata/RHSA-2026:25928"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44188",
"url": "https://access.redhat.com/security/cve/CVE-2026-44188"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44431",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48526",
"url": "https://access.redhat.com/security/cve/CVE-2026-48526"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.7/whats_new-async_updates",
"url": "https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.7/whats_new-async_updates"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_25928.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.7 Container Release Update",
"tracking": {
"current_release_date": "2026-07-06T05:56:57+00:00",
"generator": {
"date": "2026-07-06T05:56:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:25928",
"initial_release_date": "2026-06-15T08:51:13+00:00",
"revision_history": [
{
"date": "2026-06-15T08:51:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-15T08:51:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-06T05:56:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.7",
"product": {
"name": "Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.7::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Automation Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/platform-operator-bundle@sha256%3A8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform/platform-operator-bundle\u0026tag=1781122716"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcp-server-rhel9@sha256%3A7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9\u0026tag=1780741250"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/aap-must-gather-rhel9@sha256%3A51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9\u0026tag=1780676763"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/platform-operator-bundle@sha256%3A32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform/platform-operator-bundle\u0026tag=1781122716"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-builder-rhel9@sha256%3A0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9\u0026tag=1781101539"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-devspaces-rhel9@sha256%3Aa6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9\u0026tag=1781112811"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-dev-tools-rhel9@sha256%3Aa8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9\u0026tag=1780676633"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-chatbot-rhel9@sha256%3A2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9\u0026tag=1781042555"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-rhel9@sha256%3Ad10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9\u0026tag=1781025813"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-rhel9-operator@sha256%3A6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator\u0026tag=1781012601"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcp-tools-rhel9@sha256%3Ae6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9\u0026tag=1781030318"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/controller-rhel9@sha256%3A5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/controller-rhel9\u0026tag=1781097765"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"product_identification_helper": {
"purl": "pkg:oci/controller-rhel9-operator@sha256%3A5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator\u0026tag=1781020811"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-rhel9@sha256%3Adfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9\u0026tag=1781028735"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-rhel9-operator@sha256%3Aa18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator\u0026tag=1780676212"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-ui-rhel9@sha256%3Afe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9\u0026tag=1781030866"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gateway-rhel9@sha256%3Abd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/gateway-rhel9\u0026tag=1781044628"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gateway-rhel9-operator@sha256%3Aeca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator\u0026tag=1781031115"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gateway-proxy-rhel9@sha256%3Ad15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9\u0026tag=1781112272"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hub-rhel9@sha256%3Acdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/hub-rhel9\u0026tag=1781102816"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hub-rhel9-operator@sha256%3A3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator\u0026tag=1780676321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hub-web-rhel9@sha256%3Afb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9\u0026tag=1781105214"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"product_identification_helper": {
"purl": "pkg:oci/metrics-service-rhel9-operator@sha256%3A7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator\u0026tag=1781020387"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"product_identification_helper": {
"purl": "pkg:oci/metrics-service-rhel9@sha256%3Aee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9\u0026tag=1780937494"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/de-minimal-rhel9@sha256%3A55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9\u0026tag=1781036795"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"product_identification_helper": {
"purl": "pkg:oci/de-supported-rhel9@sha256%3A5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9\u0026tag=1781038454"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ee-minimal-rhel9@sha256%3Aabaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9\u0026tag=1781093888"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ee-supported-rhel9@sha256%3Afcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9\u0026tag=1781118924"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"product_identification_helper": {
"purl": "pkg:oci/platform-resource-rhel9-operator@sha256%3A3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator\u0026tag=1781102902"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/platform-resource-runner-rhel9@sha256%3A41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9\u0026tag=1781104458"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"product_identification_helper": {
"purl": "pkg:oci/receptor-rhel9@sha256%3A1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/receptor-rhel9\u0026tag=1780679838"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"product_identification_helper": {
"purl": "pkg:oci/mcp-server-rhel9@sha256%3A302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9\u0026tag=1780741250"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/aap-must-gather-rhel9@sha256%3A8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9\u0026tag=1780676763"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-builder-rhel9@sha256%3Af75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9\u0026tag=1781101539"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-devspaces-rhel9@sha256%3A2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9\u0026tag=1781112811"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-dev-tools-rhel9@sha256%3A7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9\u0026tag=1780676633"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-chatbot-rhel9@sha256%3Ac014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9\u0026tag=1781042555"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-rhel9@sha256%3Ad02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9\u0026tag=1781025813"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-rhel9-operator@sha256%3A121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator\u0026tag=1781012601"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/mcp-tools-rhel9@sha256%3Af07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9\u0026tag=1781030318"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/controller-rhel9@sha256%3Addb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/controller-rhel9\u0026tag=1781097765"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/controller-rhel9-operator@sha256%3Aafca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator\u0026tag=1781020811"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-rhel9@sha256%3Adaefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9\u0026tag=1781028735"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-rhel9-operator@sha256%3Ab58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator\u0026tag=1780676212"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-ui-rhel9@sha256%3Abd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9\u0026tag=1781030866"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gateway-rhel9@sha256%3Aa961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/gateway-rhel9\u0026tag=1781044628"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gateway-rhel9-operator@sha256%3Ade3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator\u0026tag=1781031115"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gateway-proxy-rhel9@sha256%3Ae78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9\u0026tag=1781112272"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"product_identification_helper": {
"purl": "pkg:oci/hub-rhel9@sha256%3A3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/hub-rhel9\u0026tag=1781102816"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"product_identification_helper": {
"purl": "pkg:oci/hub-rhel9-operator@sha256%3Ac738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator\u0026tag=1780676321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"product_identification_helper": {
"purl": "pkg:oci/hub-web-rhel9@sha256%3Aadca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9\u0026tag=1781105214"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"product_identification_helper": {
"purl": "pkg:oci/metrics-service-rhel9-operator@sha256%3Ad71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator\u0026tag=1781020387"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/metrics-service-rhel9@sha256%3Ace4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9\u0026tag=1780937494"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/de-minimal-rhel9@sha256%3A587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9\u0026tag=1781036795"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/de-supported-rhel9@sha256%3A830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9\u0026tag=1781038454"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ee-minimal-rhel9@sha256%3Ac4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9\u0026tag=1781093888"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ee-supported-rhel9@sha256%3A017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9\u0026tag=1781118924"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/platform-resource-rhel9-operator@sha256%3A7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator\u0026tag=1781102902"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"product_identification_helper": {
"purl": "pkg:oci/platform-resource-runner-rhel9@sha256%3Af30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9\u0026tag=1781104458"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"product_identification_helper": {
"purl": "pkg:oci/receptor-rhel9@sha256%3A5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/receptor-rhel9\u0026tag=1780679838"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Laura Pardo"
],
"organization": "Red Hat Inc.",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2026-44188",
"cwe": {
"id": "CWE-613",
"name": "Insufficient Session Expiration"
},
"discovery_date": "2026-05-05T15:02:26.016000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466764"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth (Open Authorization) access token before a user logs out, they can continue to authenticate and access sensitive data. This is because the application fails to invalidate the token on the backend, leaving it valid until its natural expiration. This can lead to unauthorized read access to Ansible resources such as inventories, playbooks, and configuration data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible-lightspeed: Ansible Lightspeed: Session hijacking and unauthorized data access due to insufficient session expiration",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate vulnerability in Ansible Lightspeed allows for post-logout session hijacking. An attacker who obtains a valid OAuth token before a user logs out can maintain persistent unauthorized access to Ansible Automation Platform resources, including inventories and playbooks, because the backend token is not invalidated upon client-side logout. This risk is primarily for data confidentiality, as current token scopes are read-only.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44188"
},
{
"category": "external",
"summary": "RHBZ#2466764",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466764"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44188",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44188"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44188",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44188"
}
],
"release_date": "2026-06-15T08:08:37.961000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T08:51:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.7#Upgrade",
"product_ids": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25928"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible-lightspeed: Ansible Lightspeed: Session hijacking and unauthorized data access due to insufficient session expiration"
},
{
"cve": "CVE-2026-44431",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-05-13T17:01:41.663622+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "RHBZ#2477167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
}
],
"release_date": "2026-05-13T15:20:24.588000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T08:51:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.7#Upgrade",
"product_ids": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25928"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T08:51:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.7#Upgrade",
"product_ids": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25928"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
},
{
"cve": "CVE-2026-48526",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-05-28T16:01:22.805235+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2482734"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in PyJWT, a Python library for JSON Web Token (JWT) implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys (JWK) in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer\u0027s public key as the secret key for the HMAC algorithm, leading to the ability to forge JWTs. This vulnerability can result in authentication bypass or unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in PyJWT allows for authentication bypass and unauthorized access. It occurs when a JWT verifier is misconfigured to accept both symmetric and asymmetric algorithms, and a public JSON Web Key is erroneously used as the HMAC secret. Red Hat products are only affected if they utilize this specific, non-standard verifier configuration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48526"
},
{
"category": "external",
"summary": "RHBZ#2482734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48526"
},
{
"category": "external",
"summary": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx",
"url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx"
}
],
"release_date": "2026-05-28T15:09:09.258000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T08:51:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.7#Upgrade",
"product_ids": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25928"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens"
}
]
}
RHSA-2026:26068
Vulnerability from csaf_redhat - Published: 2026-06-15 21:07 - Updated: 2026-07-03 12:02A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by providing a specially crafted Uniform Resource Locator (URL) containing percent-encoded path separators and dot segments. Due to incorrect processing, fast-uri would decode these elements before proper normalization, leading to distinct URLs resolving to the same internal path. This could allow an attacker to bypass security policies that rely on path-based comparisons, potentially gaining unauthorized access to resources.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64 | — | ||
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64 | — |
A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64 | — |
Workaround
|
A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64 | — |
Workaround
|
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64 | — | ||
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A Subscription Management tool for finding and reporting Red Hat product usage",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds,\nidentifies, and reports environment data, or facts, such as the number of physical and virtual\nsystems on a network, their operating systems, and relevant configuration data stored within\nthem. Discovery also identifies and reports more detailed facts for some versions of key\nRed Hat packages and products that it finds in the network.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:26068",
"url": "https://access.redhat.com/errata/RHSA-2026:26068"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39892",
"url": "https://access.redhat.com/security/cve/CVE-2026-39892"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42044",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6321",
"url": "https://access.redhat.com/security/cve/CVE-2026-6321"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery",
"url": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_26068.json"
}
],
"title": "Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage",
"tracking": {
"current_release_date": "2026-07-03T12:02:57+00:00",
"generator": {
"date": "2026-07-03T12:02:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:26068",
"initial_release_date": "2026-06-15T21:07:32+00:00",
"revision_history": [
{
"date": "2026-06-15T21:07:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-15T21:07:42+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-03T12:02:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Discovery 2",
"product": {
"name": "Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:discovery:2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Discovery"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3Afeab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b?arch=amd64\u0026repository_url=registry.redhat.io/discovery/discovery-server-rhel9\u0026tag=1779395228"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5?arch=amd64\u0026repository_url=registry.redhat.io/discovery/discovery-ui-rhel9\u0026tag=1779395188"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3A4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb?arch=arm64\u0026repository_url=registry.redhat.io/discovery/discovery-server-rhel9\u0026tag=1779395228"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54?arch=arm64\u0026repository_url=registry.redhat.io/discovery/discovery-ui-rhel9\u0026tag=1779395188"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-6321",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-05-04T20:01:14.938426+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466582"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by providing a specially crafted Uniform Resource Locator (URL) containing percent-encoded path separators and dot segments. Due to incorrect processing, fast-uri would decode these elements before proper normalization, leading to distinct URLs resolving to the same internal path. This could allow an attacker to bypass security policies that rely on path-based comparisons, potentially gaining unauthorized access to resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6321"
},
{
"category": "external",
"summary": "RHBZ#2466582",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466582"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6321",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6321"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6321",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6321"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6",
"url": "https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6"
}
],
"release_date": "2026-05-04T19:31:57.253000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T21:07:32+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26068"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies"
},
{
"cve": "CVE-2026-39892",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-08T22:00:59.416053+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456735"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In default configurations Red Hat products isolate service processes from total system access. Should an attacker be able to exploit this vulnerability their impact will be limited to that service account and they will not have access to the broader system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39892"
},
{
"category": "external",
"summary": "RHBZ#2456735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/08/12",
"url": "http://www.openwall.com/lists/oss-security/2026/04/08/12"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5",
"url": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq"
}
],
"release_date": "2026-04-08T20:49:41.967000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T21:07:32+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26068"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API"
},
{
"cve": "CVE-2026-42044",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:13.418725+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution \"Gadget\" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "RHBZ#2461624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
}
],
"release_date": "2026-04-24T17:49:49.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T21:07:32+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26068"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T21:07:32+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26068"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
}
]
}
RHSA-2026:26212
Vulnerability from csaf_redhat - Published: 2026-06-16 08:47 - Updated: 2026-07-02 05:40A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-puptoo-rhel9@sha256:f4ca1112b4909ceae1121123958c07eae9e869a9ac8a84ffcad8dc937b984c67_amd64 | — |
Vendor Fix
fix
|
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-puptoo-rhel9@sha256:f4ca1112b4909ceae1121123958c07eae9e869a9ac8a84ffcad8dc937b984c67_amd64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new satellite/iop-puptoo-rhel9 container image is now generally available in the Red Hat container registry.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services, and configuration settings. When you install Red Hat Lightspeed in Satellite locally, you can generate Red Hat Lightspeed recommendations without sending system data to Red Hat services. ",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:26212",
"url": "https://access.redhat.com/errata/RHSA-2026:26212"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44431",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/software/containers/search",
"url": "https://catalog.redhat.com/software/containers/search"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_connected_network_environment/performing-additional-configuration-on-server_satellite#installing-and-configuring-red-hat-lightspeed-in-satellite",
"url": "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_connected_network_environment/performing-additional-configuration-on-server_satellite#installing-and-configuring-red-hat-lightspeed-in-satellite"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_disconnected_network_environment/performing-additional-configuration#installing-and-configuring-red-hat-lightspeed-in-satellite",
"url": "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_disconnected_network_environment/performing-additional-configuration#installing-and-configuring-red-hat-lightspeed-in-satellite"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_26212.json"
}
],
"title": "Red Hat Security Advisory: General availability of the satellite/iop-puptoo-rhel9 container image",
"tracking": {
"current_release_date": "2026-07-02T05:40:17+00:00",
"generator": {
"date": "2026-07-02T05:40:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:26212",
"initial_release_date": "2026-06-16T08:47:12+00:00",
"revision_history": [
{
"date": "2026-06-16T08:47:12+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-16T08:47:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-02T05:40:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 6.18",
"product": {
"name": "Red Hat Satellite 6.18",
"product_id": "Red Hat Satellite 6.18",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.18::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/satellite/iop-puptoo-rhel9@sha256:f4ca1112b4909ceae1121123958c07eae9e869a9ac8a84ffcad8dc937b984c67_amd64",
"product": {
"name": "registry.redhat.io/satellite/iop-puptoo-rhel9@sha256:f4ca1112b4909ceae1121123958c07eae9e869a9ac8a84ffcad8dc937b984c67_amd64",
"product_id": "registry.redhat.io/satellite/iop-puptoo-rhel9@sha256:f4ca1112b4909ceae1121123958c07eae9e869a9ac8a84ffcad8dc937b984c67_amd64",
"product_identification_helper": {
"purl": "pkg:oci/iop-puptoo-rhel9@sha256%3Af4ca1112b4909ceae1121123958c07eae9e869a9ac8a84ffcad8dc937b984c67?arch=amd64\u0026repository_url=registry.redhat.io/satellite/iop-puptoo-rhel9\u0026tag=1779792651"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/satellite/iop-puptoo-rhel9@sha256:f4ca1112b4909ceae1121123958c07eae9e869a9ac8a84ffcad8dc937b984c67_amd64 as a component of Red Hat Satellite 6.18",
"product_id": "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-puptoo-rhel9@sha256:f4ca1112b4909ceae1121123958c07eae9e869a9ac8a84ffcad8dc937b984c67_amd64"
},
"product_reference": "registry.redhat.io/satellite/iop-puptoo-rhel9@sha256:f4ca1112b4909ceae1121123958c07eae9e869a9ac8a84ffcad8dc937b984c67_amd64",
"relates_to_product_reference": "Red Hat Satellite 6.18"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44431",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-05-13T17:01:41.663622+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-puptoo-rhel9@sha256:f4ca1112b4909ceae1121123958c07eae9e869a9ac8a84ffcad8dc937b984c67_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "RHBZ#2477167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
}
],
"release_date": "2026-05-13T15:20:24.588000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T08:47:12+00:00",
"details": "For Red Hat Lightspeed in Satellite installation see the Red Hat Satellite documentation.",
"product_ids": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-puptoo-rhel9@sha256:f4ca1112b4909ceae1121123958c07eae9e869a9ac8a84ffcad8dc937b984c67_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26212"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-puptoo-rhel9@sha256:f4ca1112b4909ceae1121123958c07eae9e869a9ac8a84ffcad8dc937b984c67_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-puptoo-rhel9@sha256:f4ca1112b4909ceae1121123958c07eae9e869a9ac8a84ffcad8dc937b984c67_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T08:47:12+00:00",
"details": "For Red Hat Lightspeed in Satellite installation see the Red Hat Satellite documentation.",
"product_ids": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-puptoo-rhel9@sha256:f4ca1112b4909ceae1121123958c07eae9e869a9ac8a84ffcad8dc937b984c67_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26212"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-puptoo-rhel9@sha256:f4ca1112b4909ceae1121123958c07eae9e869a9ac8a84ffcad8dc937b984c67_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
}
]
}
RHSA-2026:26304
Vulnerability from csaf_redhat - Published: 2026-06-16 11:53 - Updated: 2026-07-02 05:40A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-insights-engine-rhel9@sha256:0c65c4effbb9f1fc050a0cf5df4fd0b94a43aeb4ffe64dc30643ecb5136b52e5_amd64 | — |
Vendor Fix
fix
|
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-insights-engine-rhel9@sha256:0c65c4effbb9f1fc050a0cf5df4fd0b94a43aeb4ffe64dc30643ecb5136b52e5_amd64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new satellite/iop-insights-engine-rhel9 container image is now generally available in the Red Hat container registry.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services, and configuration settings. When you install Red Hat Lightspeed in Satellite locally, you can generate Red Hat Lightspeed recommendations without sending system data to Red Hat services. ",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:26304",
"url": "https://access.redhat.com/errata/RHSA-2026:26304"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44431",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/software/containers/search",
"url": "https://catalog.redhat.com/software/containers/search"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_connected_network_environment/performing-additional-configuration-on-server_satellite#installing-and-configuring-red-hat-lightspeed-in-satellite",
"url": "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_connected_network_environment/performing-additional-configuration-on-server_satellite#installing-and-configuring-red-hat-lightspeed-in-satellite"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_disconnected_network_environment/performing-additional-configuration#installing-and-configuring-red-hat-lightspeed-in-satellite",
"url": "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_disconnected_network_environment/performing-additional-configuration#installing-and-configuring-red-hat-lightspeed-in-satellite"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_26304.json"
}
],
"title": "Red Hat Security Advisory: General availability of the satellite/iop-insights-engine-rhel9 container image",
"tracking": {
"current_release_date": "2026-07-02T05:40:19+00:00",
"generator": {
"date": "2026-07-02T05:40:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:26304",
"initial_release_date": "2026-06-16T11:53:21+00:00",
"revision_history": [
{
"date": "2026-06-16T11:53:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-16T11:53:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-02T05:40:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 6.18",
"product": {
"name": "Red Hat Satellite 6.18",
"product_id": "Red Hat Satellite 6.18",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.18::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/satellite/iop-insights-engine-rhel9@sha256:0c65c4effbb9f1fc050a0cf5df4fd0b94a43aeb4ffe64dc30643ecb5136b52e5_amd64",
"product": {
"name": "registry.redhat.io/satellite/iop-insights-engine-rhel9@sha256:0c65c4effbb9f1fc050a0cf5df4fd0b94a43aeb4ffe64dc30643ecb5136b52e5_amd64",
"product_id": "registry.redhat.io/satellite/iop-insights-engine-rhel9@sha256:0c65c4effbb9f1fc050a0cf5df4fd0b94a43aeb4ffe64dc30643ecb5136b52e5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/iop-insights-engine-rhel9@sha256%3A0c65c4effbb9f1fc050a0cf5df4fd0b94a43aeb4ffe64dc30643ecb5136b52e5?arch=amd64\u0026repository_url=registry.redhat.io/satellite/iop-insights-engine-rhel9\u0026tag=1779711334"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/satellite/iop-insights-engine-rhel9@sha256:0c65c4effbb9f1fc050a0cf5df4fd0b94a43aeb4ffe64dc30643ecb5136b52e5_amd64 as a component of Red Hat Satellite 6.18",
"product_id": "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-insights-engine-rhel9@sha256:0c65c4effbb9f1fc050a0cf5df4fd0b94a43aeb4ffe64dc30643ecb5136b52e5_amd64"
},
"product_reference": "registry.redhat.io/satellite/iop-insights-engine-rhel9@sha256:0c65c4effbb9f1fc050a0cf5df4fd0b94a43aeb4ffe64dc30643ecb5136b52e5_amd64",
"relates_to_product_reference": "Red Hat Satellite 6.18"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44431",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-05-13T17:01:41.663622+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-insights-engine-rhel9@sha256:0c65c4effbb9f1fc050a0cf5df4fd0b94a43aeb4ffe64dc30643ecb5136b52e5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "RHBZ#2477167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
}
],
"release_date": "2026-05-13T15:20:24.588000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T11:53:21+00:00",
"details": "For Red Hat Lightspeed in Satellite installation see the Red Hat Satellite documentation.",
"product_ids": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-insights-engine-rhel9@sha256:0c65c4effbb9f1fc050a0cf5df4fd0b94a43aeb4ffe64dc30643ecb5136b52e5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26304"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-insights-engine-rhel9@sha256:0c65c4effbb9f1fc050a0cf5df4fd0b94a43aeb4ffe64dc30643ecb5136b52e5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-insights-engine-rhel9@sha256:0c65c4effbb9f1fc050a0cf5df4fd0b94a43aeb4ffe64dc30643ecb5136b52e5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T11:53:21+00:00",
"details": "For Red Hat Lightspeed in Satellite installation see the Red Hat Satellite documentation.",
"product_ids": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-insights-engine-rhel9@sha256:0c65c4effbb9f1fc050a0cf5df4fd0b94a43aeb4ffe64dc30643ecb5136b52e5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26304"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-insights-engine-rhel9@sha256:0c65c4effbb9f1fc050a0cf5df4fd0b94a43aeb4ffe64dc30643ecb5136b52e5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
}
]
}
RHSA-2026:27929
Vulnerability from csaf_redhat - Published: 2026-06-22 14:50 - Updated: 2026-07-02 05:40A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for python3.14-urllib3 is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* urllib3: urllib3: Denial of Service due to excessive HTTP response decompression (CVE-2026-44432)\n\n* urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers (CVE-2026-44431)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:27929",
"url": "https://access.redhat.com/errata/RHSA-2026:27929"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "2477167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
},
{
"category": "external",
"summary": "RHEL-184903",
"url": "https://issues.redhat.com/browse/RHEL-184903"
},
{
"category": "external",
"summary": "RHEL-185128",
"url": "https://issues.redhat.com/browse/RHEL-185128"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_27929.json"
}
],
"title": "Red Hat Security Advisory: python3.14-urllib3 security update",
"tracking": {
"current_release_date": "2026-07-02T05:40:19+00:00",
"generator": {
"date": "2026-07-02T05:40:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:27929",
"initial_release_date": "2026-06-22T14:50:02+00:00",
"revision_history": [
{
"date": "2026-06-22T14:50:02+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-22T14:50:02+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-02T05:40:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "python3.14-urllib3-0:2.6.3-2.el10_2.noarch",
"product": {
"name": "python3.14-urllib3-0:2.6.3-2.el10_2.noarch",
"product_id": "python3.14-urllib3-0:2.6.3-2.el10_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.14-urllib3@2.6.3-2.el10_2?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "python3.14-urllib3-0:2.6.3-2.el10_2.src",
"product": {
"name": "python3.14-urllib3-0:2.6.3-2.el10_2.src",
"product_id": "python3.14-urllib3-0:2.6.3-2.el10_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.14-urllib3@2.6.3-2.el10_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.14-urllib3-0:2.6.3-2.el10_2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:python3.14-urllib3-0:2.6.3-2.el10_2.noarch"
},
"product_reference": "python3.14-urllib3-0:2.6.3-2.el10_2.noarch",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.14-urllib3-0:2.6.3-2.el10_2.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:python3.14-urllib3-0:2.6.3-2.el10_2.src"
},
"product_reference": "python3.14-urllib3-0:2.6.3-2.el10_2.src",
"relates_to_product_reference": "AppStream-10.2.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44431",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-05-13T17:01:41.663622+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:python3.14-urllib3-0:2.6.3-2.el10_2.noarch",
"AppStream-10.2.Z:python3.14-urllib3-0:2.6.3-2.el10_2.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "RHBZ#2477167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
}
],
"release_date": "2026-05-13T15:20:24.588000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T14:50:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:python3.14-urllib3-0:2.6.3-2.el10_2.noarch",
"AppStream-10.2.Z:python3.14-urllib3-0:2.6.3-2.el10_2.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27929"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:python3.14-urllib3-0:2.6.3-2.el10_2.noarch",
"AppStream-10.2.Z:python3.14-urllib3-0:2.6.3-2.el10_2.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:python3.14-urllib3-0:2.6.3-2.el10_2.noarch",
"AppStream-10.2.Z:python3.14-urllib3-0:2.6.3-2.el10_2.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T14:50:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:python3.14-urllib3-0:2.6.3-2.el10_2.noarch",
"AppStream-10.2.Z:python3.14-urllib3-0:2.6.3-2.el10_2.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27929"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:python3.14-urllib3-0:2.6.3-2.el10_2.noarch",
"AppStream-10.2.Z:python3.14-urllib3-0:2.6.3-2.el10_2.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
}
]
}
RHSA-2026:28000
Vulnerability from csaf_redhat - Published: 2026-06-22 16:14 - Updated: 2026-07-02 05:40A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for python-urllib3 is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* urllib3: urllib3: Denial of Service due to excessive HTTP response decompression (CVE-2026-44432)\n\n* urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers (CVE-2026-44431)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:28000",
"url": "https://access.redhat.com/errata/RHSA-2026:28000"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "2477167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
},
{
"category": "external",
"summary": "RHEL-184817",
"url": "https://issues.redhat.com/browse/RHEL-184817"
},
{
"category": "external",
"summary": "RHEL-185121",
"url": "https://issues.redhat.com/browse/RHEL-185121"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_28000.json"
}
],
"title": "Red Hat Security Advisory: python-urllib3 security update",
"tracking": {
"current_release_date": "2026-07-02T05:40:20+00:00",
"generator": {
"date": "2026-07-02T05:40:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:28000",
"initial_release_date": "2026-06-22T16:14:02+00:00",
"revision_history": [
{
"date": "2026-06-22T16:14:02+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-22T16:14:02+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-02T05:40:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "python-urllib3-0:1.26.19-4.el10_2.src",
"product": {
"name": "python-urllib3-0:1.26.19-4.el10_2.src",
"product_id": "python-urllib3-0:1.26.19-4.el10_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-urllib3@1.26.19-4.el10_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-urllib3-0:1.26.19-4.el10_2.noarch",
"product": {
"name": "python3-urllib3-0:1.26.19-4.el10_2.noarch",
"product_id": "python3-urllib3-0:1.26.19-4.el10_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-urllib3@1.26.19-4.el10_2?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-urllib3-0:1.26.19-4.el10_2.src as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.2.Z:python-urllib3-0:1.26.19-4.el10_2.src"
},
"product_reference": "python-urllib3-0:1.26.19-4.el10_2.src",
"relates_to_product_reference": "BaseOS-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-urllib3-0:1.26.19-4.el10_2.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.2.Z:python3-urllib3-0:1.26.19-4.el10_2.noarch"
},
"product_reference": "python3-urllib3-0:1.26.19-4.el10_2.noarch",
"relates_to_product_reference": "BaseOS-10.2.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44431",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-05-13T17:01:41.663622+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-10.2.Z:python-urllib3-0:1.26.19-4.el10_2.src",
"BaseOS-10.2.Z:python3-urllib3-0:1.26.19-4.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "RHBZ#2477167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
}
],
"release_date": "2026-05-13T15:20:24.588000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T16:14:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-10.2.Z:python-urllib3-0:1.26.19-4.el10_2.src",
"BaseOS-10.2.Z:python3-urllib3-0:1.26.19-4.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28000"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"BaseOS-10.2.Z:python-urllib3-0:1.26.19-4.el10_2.src",
"BaseOS-10.2.Z:python3-urllib3-0:1.26.19-4.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-10.2.Z:python-urllib3-0:1.26.19-4.el10_2.src",
"BaseOS-10.2.Z:python3-urllib3-0:1.26.19-4.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T16:14:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-10.2.Z:python-urllib3-0:1.26.19-4.el10_2.src",
"BaseOS-10.2.Z:python3-urllib3-0:1.26.19-4.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28000"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-10.2.Z:python-urllib3-0:1.26.19-4.el10_2.src",
"BaseOS-10.2.Z:python3-urllib3-0:1.26.19-4.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
}
]
}
RHSA-2026:28157
Vulnerability from csaf_redhat - Published: 2026-06-23 10:55 - Updated: 2026-07-02 05:40A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for python3.14-urllib3 is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* urllib3: urllib3: Denial of Service due to excessive HTTP response decompression (CVE-2026-44432)\n\n* urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers (CVE-2026-44431)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:28157",
"url": "https://access.redhat.com/errata/RHSA-2026:28157"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "2477167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
},
{
"category": "external",
"summary": "RHEL-184902",
"url": "https://issues.redhat.com/browse/RHEL-184902"
},
{
"category": "external",
"summary": "RHEL-185127",
"url": "https://issues.redhat.com/browse/RHEL-185127"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_28157.json"
}
],
"title": "Red Hat Security Advisory: python3.14-urllib3 security update",
"tracking": {
"current_release_date": "2026-07-02T05:40:24+00:00",
"generator": {
"date": "2026-07-02T05:40:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:28157",
"initial_release_date": "2026-06-23T10:55:47+00:00",
"revision_history": [
{
"date": "2026-06-23T10:55:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-23T10:55:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-02T05:40:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "python3.14-urllib3-0:2.6.3-2.el9_8.noarch",
"product": {
"name": "python3.14-urllib3-0:2.6.3-2.el9_8.noarch",
"product_id": "python3.14-urllib3-0:2.6.3-2.el9_8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.14-urllib3@2.6.3-2.el9_8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "python3.14-urllib3-0:2.6.3-2.el9_8.src",
"product": {
"name": "python3.14-urllib3-0:2.6.3-2.el9_8.src",
"product_id": "python3.14-urllib3-0:2.6.3-2.el9_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.14-urllib3@2.6.3-2.el9_8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.14-urllib3-0:2.6.3-2.el9_8.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:python3.14-urllib3-0:2.6.3-2.el9_8.noarch"
},
"product_reference": "python3.14-urllib3-0:2.6.3-2.el9_8.noarch",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.14-urllib3-0:2.6.3-2.el9_8.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:python3.14-urllib3-0:2.6.3-2.el9_8.src"
},
"product_reference": "python3.14-urllib3-0:2.6.3-2.el9_8.src",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44431",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-05-13T17:01:41.663622+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:python3.14-urllib3-0:2.6.3-2.el9_8.noarch",
"AppStream-9.8.0.Z.MAIN.EUS:python3.14-urllib3-0:2.6.3-2.el9_8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "RHBZ#2477167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
}
],
"release_date": "2026-05-13T15:20:24.588000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T10:55:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:python3.14-urllib3-0:2.6.3-2.el9_8.noarch",
"AppStream-9.8.0.Z.MAIN.EUS:python3.14-urllib3-0:2.6.3-2.el9_8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28157"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:python3.14-urllib3-0:2.6.3-2.el9_8.noarch",
"AppStream-9.8.0.Z.MAIN.EUS:python3.14-urllib3-0:2.6.3-2.el9_8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:python3.14-urllib3-0:2.6.3-2.el9_8.noarch",
"AppStream-9.8.0.Z.MAIN.EUS:python3.14-urllib3-0:2.6.3-2.el9_8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T10:55:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:python3.14-urllib3-0:2.6.3-2.el9_8.noarch",
"AppStream-9.8.0.Z.MAIN.EUS:python3.14-urllib3-0:2.6.3-2.el9_8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28157"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:python3.14-urllib3-0:2.6.3-2.el9_8.noarch",
"AppStream-9.8.0.Z.MAIN.EUS:python3.14-urllib3-0:2.6.3-2.el9_8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
}
]
}
RHSA-2026:28158
Vulnerability from csaf_redhat - Published: 2026-06-23 10:47 - Updated: 2026-07-02 05:40A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for python-urllib3 is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* urllib3: urllib3: Denial of Service due to excessive HTTP response decompression (CVE-2026-44432)\n\n* urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers (CVE-2026-44431)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:28158",
"url": "https://access.redhat.com/errata/RHSA-2026:28158"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "2477167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
},
{
"category": "external",
"summary": "RHEL-184816",
"url": "https://issues.redhat.com/browse/RHEL-184816"
},
{
"category": "external",
"summary": "RHEL-185123",
"url": "https://issues.redhat.com/browse/RHEL-185123"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_28158.json"
}
],
"title": "Red Hat Security Advisory: python-urllib3 security update",
"tracking": {
"current_release_date": "2026-07-02T05:40:20+00:00",
"generator": {
"date": "2026-07-02T05:40:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:28158",
"initial_release_date": "2026-06-23T10:47:47+00:00",
"revision_history": [
{
"date": "2026-06-23T10:47:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-23T10:47:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-02T05:40:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "python-urllib3-0:1.26.5-8.el9_8.src",
"product": {
"name": "python-urllib3-0:1.26.5-8.el9_8.src",
"product_id": "python-urllib3-0:1.26.5-8.el9_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-urllib3@1.26.5-8.el9_8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-urllib3-0:1.26.5-8.el9_8.noarch",
"product": {
"name": "python3-urllib3-0:1.26.5-8.el9_8.noarch",
"product_id": "python3-urllib3-0:1.26.5-8.el9_8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-urllib3@1.26.5-8.el9_8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-urllib3-0:1.26.5-8.el9_8.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:python-urllib3-0:1.26.5-8.el9_8.src"
},
"product_reference": "python-urllib3-0:1.26.5-8.el9_8.src",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-urllib3-0:1.26.5-8.el9_8.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:python3-urllib3-0:1.26.5-8.el9_8.noarch"
},
"product_reference": "python3-urllib3-0:1.26.5-8.el9_8.noarch",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44431",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-05-13T17:01:41.663622+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-9.8.0.Z.MAIN.EUS:python-urllib3-0:1.26.5-8.el9_8.src",
"BaseOS-9.8.0.Z.MAIN.EUS:python3-urllib3-0:1.26.5-8.el9_8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "RHBZ#2477167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
}
],
"release_date": "2026-05-13T15:20:24.588000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T10:47:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-9.8.0.Z.MAIN.EUS:python-urllib3-0:1.26.5-8.el9_8.src",
"BaseOS-9.8.0.Z.MAIN.EUS:python3-urllib3-0:1.26.5-8.el9_8.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28158"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"BaseOS-9.8.0.Z.MAIN.EUS:python-urllib3-0:1.26.5-8.el9_8.src",
"BaseOS-9.8.0.Z.MAIN.EUS:python3-urllib3-0:1.26.5-8.el9_8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-9.8.0.Z.MAIN.EUS:python-urllib3-0:1.26.5-8.el9_8.src",
"BaseOS-9.8.0.Z.MAIN.EUS:python3-urllib3-0:1.26.5-8.el9_8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T10:47:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-9.8.0.Z.MAIN.EUS:python-urllib3-0:1.26.5-8.el9_8.src",
"BaseOS-9.8.0.Z.MAIN.EUS:python3-urllib3-0:1.26.5-8.el9_8.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28158"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-9.8.0.Z.MAIN.EUS:python-urllib3-0:1.26.5-8.el9_8.src",
"BaseOS-9.8.0.Z.MAIN.EUS:python3-urllib3-0:1.26.5-8.el9_8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
}
]
}
RHSA-2026:28159
Vulnerability from csaf_redhat - Published: 2026-06-23 10:51 - Updated: 2026-07-02 05:40A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for python3.12-urllib3 is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* urllib3: urllib3: Denial of Service due to excessive HTTP response decompression (CVE-2026-44432)\n\n* urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers (CVE-2026-44431)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:28159",
"url": "https://access.redhat.com/errata/RHSA-2026:28159"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "2477167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
},
{
"category": "external",
"summary": "RHEL-184901",
"url": "https://issues.redhat.com/browse/RHEL-184901"
},
{
"category": "external",
"summary": "RHEL-185126",
"url": "https://issues.redhat.com/browse/RHEL-185126"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_28159.json"
}
],
"title": "Red Hat Security Advisory: python3.12-urllib3 security update",
"tracking": {
"current_release_date": "2026-07-02T05:40:21+00:00",
"generator": {
"date": "2026-07-02T05:40:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:28159",
"initial_release_date": "2026-06-23T10:51:21+00:00",
"revision_history": [
{
"date": "2026-06-23T10:51:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-23T10:51:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-02T05:40:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "python3.12-urllib3-0:1.26.19-3.el9_8.noarch",
"product": {
"name": "python3.12-urllib3-0:1.26.19-3.el9_8.noarch",
"product_id": "python3.12-urllib3-0:1.26.19-3.el9_8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-urllib3@1.26.19-3.el9_8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "python3.12-urllib3-0:1.26.19-3.el9_8.src",
"product": {
"name": "python3.12-urllib3-0:1.26.19-3.el9_8.src",
"product_id": "python3.12-urllib3-0:1.26.19-3.el9_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-urllib3@1.26.19-3.el9_8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-urllib3-0:1.26.19-3.el9_8.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:python3.12-urllib3-0:1.26.19-3.el9_8.noarch"
},
"product_reference": "python3.12-urllib3-0:1.26.19-3.el9_8.noarch",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-urllib3-0:1.26.19-3.el9_8.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:python3.12-urllib3-0:1.26.19-3.el9_8.src"
},
"product_reference": "python3.12-urllib3-0:1.26.19-3.el9_8.src",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44431",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-05-13T17:01:41.663622+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:python3.12-urllib3-0:1.26.19-3.el9_8.noarch",
"AppStream-9.8.0.Z.MAIN.EUS:python3.12-urllib3-0:1.26.19-3.el9_8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "RHBZ#2477167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
}
],
"release_date": "2026-05-13T15:20:24.588000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T10:51:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:python3.12-urllib3-0:1.26.19-3.el9_8.noarch",
"AppStream-9.8.0.Z.MAIN.EUS:python3.12-urllib3-0:1.26.19-3.el9_8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28159"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:python3.12-urllib3-0:1.26.19-3.el9_8.noarch",
"AppStream-9.8.0.Z.MAIN.EUS:python3.12-urllib3-0:1.26.19-3.el9_8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:python3.12-urllib3-0:1.26.19-3.el9_8.noarch",
"AppStream-9.8.0.Z.MAIN.EUS:python3.12-urllib3-0:1.26.19-3.el9_8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T10:51:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:python3.12-urllib3-0:1.26.19-3.el9_8.noarch",
"AppStream-9.8.0.Z.MAIN.EUS:python3.12-urllib3-0:1.26.19-3.el9_8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28159"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:python3.12-urllib3-0:1.26.19-3.el9_8.noarch",
"AppStream-9.8.0.Z.MAIN.EUS:python3.12-urllib3-0:1.26.19-3.el9_8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.