WID-SEC-W-2026-1923
Vulnerability from csaf_certbund - Published: 2026-06-14 22:00 - Updated: 2026-07-01 22:00Summary
Red Hat Ansible Automation Platform: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat Ansible Automation Platform ist eine End-to-End-Automatisierungsplattform für die Systemkonfiguration, die Softwarebereitstellung und die Orchestrierung erweiterter Workflows.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Red Hat Ansible Automation Platform ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren und einen Denial-of-Service-Zustand herbeizuführen.
Betroffene Betriebssysteme: - Linux
- UNIX
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Enterprise Linux 10
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10
|
10 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.7
Red Hat / Ansible Automation Platform
|
<2.7 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Enterprise Linux 10
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10
|
10 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.7
Red Hat / Ansible Automation Platform
|
<2.7 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Enterprise Linux 10
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10
|
10 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.7
Red Hat / Ansible Automation Platform
|
<2.7 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Enterprise Linux 10
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10
|
10 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.7
Red Hat / Ansible Automation Platform
|
<2.7 |
References
52 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Ansible Automation Platform ist eine End-to-End-Automatisierungsplattform f\u00fcr die Systemkonfiguration, die Softwarebereitstellung und die Orchestrierung erweiterter Workflows.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Red Hat Ansible Automation Platform ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren und einen Denial-of-Service-Zustand herbeizuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1923 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1923.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1923 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1923"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:25928 vom 2026-06-14",
"url": "https://access.redhat.com/errata/RHSA-2026:25928"
},
{
"category": "external",
"summary": "RedHat Customer Portal vom 2026-06-14",
"url": "https://access.redhat.com/security/cve/cve-2026-44188"
},
{
"category": "external",
"summary": "RedHat Customer Portal vom 2026-06-14",
"url": "https://access.redhat.com/security/cve/cve-2026-44431"
},
{
"category": "external",
"summary": "RedHat Customer Portal vom 2026-06-14",
"url": "https://access.redhat.com/security/cve/cve-2026-44432"
},
{
"category": "external",
"summary": "RedHat Customer Portal vom 2026-06-14",
"url": "https://access.redhat.com/security/cve/cve-2026-48526"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:25902 vom 2026-06-15",
"url": "https://access.redhat.com/errata/RHSA-2026:25902"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:11024-1 vom 2026-06-15",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HPO4YH435MYRJUUNUXTAXHTHN27D4LVS/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:26212 vom 2026-06-16",
"url": "https://access.redhat.com/errata/RHSA-2026:26212"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:26226 vom 2026-06-16",
"url": "https://access.redhat.com/errata/RHSA-2026:26226"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:26221 vom 2026-06-16",
"url": "https://access.redhat.com/errata/RHSA-2026:26221"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:26215 vom 2026-06-16",
"url": "https://access.redhat.com/errata/RHSA-2026:26215"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:26068 vom 2026-06-16",
"url": "https://access.redhat.com/errata/RHSA-2026:26068"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:26206 vom 2026-06-16",
"url": "https://access.redhat.com/errata/RHSA-2026:26206"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:26304 vom 2026-06-16",
"url": "https://access.redhat.com/errata/RHSA-2026:26304"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:24009 vom 2026-06-18",
"url": "https://access.redhat.com/errata/RHSA-2026:24009"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:24014 vom 2026-06-18",
"url": "https://access.redhat.com/errata/RHSA-2026:24014"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:24000 vom 2026-06-18",
"url": "https://access.redhat.com/errata/RHSA-2026:24000"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:7625 vom 2026-06-18",
"url": "https://access.redhat.com/errata/RHSA-2026:7625"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:7634 vom 2026-06-18",
"url": "https://access.redhat.com/errata/RHSA-2026:7634"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:27929 vom 2026-06-22",
"url": "https://access.redhat.com/errata/RHSA-2026:27929"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:28000 vom 2026-06-22",
"url": "https://access.redhat.com/errata/RHSA-2026:28000"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:28159 vom 2026-06-23",
"url": "https://access.redhat.com/errata/RHSA-2026:28159"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:28571 vom 2026-06-24",
"url": "https://access.redhat.com/errata/RHSA-2026:28571"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:28157 vom 2026-06-23",
"url": "https://access.redhat.com/errata/RHSA-2026:28157"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:28158 vom 2026-06-23",
"url": "https://access.redhat.com/errata/RHSA-2026:28158"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-26206 vom 2026-06-25",
"url": "https://linux.oracle.com/errata/ELSA-2026-26206.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:30088 vom 2026-06-25",
"url": "https://access.redhat.com/errata/RHSA-2026:30088"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:30087 vom 2026-06-25",
"url": "https://access.redhat.com/errata/RHSA-2026:30087"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:2627-1 vom 2026-06-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/027002.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-28158 vom 2026-06-26",
"url": "http://linux.oracle.com/errata/ELSA-2026-28158.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-28157 vom 2026-06-26",
"url": "http://linux.oracle.com/errata/ELSA-2026-28157.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:30076 vom 2026-06-25",
"url": "https://access.redhat.com/errata/RHSA-2026:30076"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:30089 vom 2026-06-25",
"url": "https://access.redhat.com/errata/RHSA-2026:30089"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:30078 vom 2026-06-25",
"url": "https://access.redhat.com/errata/RHSA-2026:30078"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4651 vom 2026-06-26",
"url": "https://lists.debian.org/debian-lts-announce/2026/06/msg00040.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-19355 vom 2026-06-27",
"url": "http://linux.oracle.com/errata/ELSA-2026-19355.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:32992 vom 2026-06-29",
"url": "https://access.redhat.com/errata/RHSA-2026:32992"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:33313 vom 2026-06-30",
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-32992 vom 2026-06-29",
"url": "https://linux.oracle.com/errata/ELSA-2026-32992.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:21095-1 vom 2026-06-30",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GTELHYNPNRASWLYH7QBSPJYKW3ZUSUQ6/"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:32992 vom 2026-07-01",
"url": "https://errata.build.resf.org/RLSA-2026:32992"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:33683 vom 2026-06-30",
"url": "https://access.redhat.com/errata/RHSA-2026:33683"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:34526 vom 2026-07-01",
"url": "https://access.redhat.com/errata/RHSA-2026:34526"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:34365 vom 2026-07-01",
"url": "https://access.redhat.com/errata/RHSA-2026:34365"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:34160 vom 2026-07-01",
"url": "https://access.redhat.com/errata/RHSA-2026:34160"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:34374 vom 2026-07-01",
"url": "https://access.redhat.com/errata/RHSA-2026:34374"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:34607 vom 2026-07-02",
"url": "https://access.redhat.com/errata/RHSA-2026:34607"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:34533 vom 2026-07-01",
"url": "https://access.redhat.com/errata/RHSA-2026:34533"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:34532 vom 2026-07-02",
"url": "https://access.redhat.com/errata/RHSA-2026:34532"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:34531 vom 2026-07-02",
"url": "https://access.redhat.com/errata/RHSA-2026:34531"
}
],
"source_lang": "en-US",
"title": "Red Hat Ansible Automation Platform: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-07-01T22:00:00.000+00:00",
"generator": {
"date": "2026-07-02T09:24:13.566+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1923",
"initial_release_date": "2026-06-14T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-06-14T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-06-15T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von European Union Vulnerability Database und openSUSE aufgenommen"
},
{
"date": "2026-06-16T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-18T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-22T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-23T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-24T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-06-25T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat, SUSE und Oracle Linux aufgenommen"
},
{
"date": "2026-06-28T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-06-29T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2026-06-30T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Rocky Enterprise Software Foundation und Red Hat aufgenommen"
},
{
"date": "2026-07-01T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "12"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.7",
"product": {
"name": "Red Hat Ansible Automation Platform \u003c2.7",
"product_id": "T055389"
}
},
{
"category": "product_version",
"name": "2.7",
"product": {
"name": "Red Hat Ansible Automation Platform 2.7",
"product_id": "T055389-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.7"
}
}
}
],
"category": "product_name",
"name": "Ansible Automation Platform"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "10",
"product": {
"name": "Red Hat Enterprise Linux 10",
"product_id": "T055390",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44188",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T027843",
"T055390",
"T004914",
"T032255",
"T055389"
]
},
"release_date": "2026-06-14T22:00:00.000+00:00",
"title": "CVE-2026-44188"
},
{
"cve": "CVE-2026-44431",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T027843",
"T055390",
"T004914",
"T032255",
"T055389"
]
},
"release_date": "2026-06-14T22:00:00.000+00:00",
"title": "CVE-2026-44431"
},
{
"cve": "CVE-2026-44432",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T027843",
"T055390",
"T004914",
"T032255",
"T055389"
]
},
"release_date": "2026-06-14T22:00:00.000+00:00",
"title": "CVE-2026-44432"
},
{
"cve": "CVE-2026-48526",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T027843",
"T055390",
"T004914",
"T032255",
"T055389"
]
},
"release_date": "2026-06-14T22:00:00.000+00:00",
"title": "CVE-2026-48526"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…