Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-44431 (GCVE-0-2026-44431)
Vulnerability from cvelistv5 – Published: 2026-05-13 15:20 – Updated: 2026-05-13 17:17
VLAI
EPSS
Title
urllib3: Sensitive headers forwarded across origins in proxied low-level redirects
Summary
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/urllib3/urllib3/security/advis… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44431",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T16:51:26.677054Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T17:17:07.339Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "urllib3",
"vendor": "urllib3",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.23, \u003c 2.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T15:20:24.588Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
}
],
"source": {
"advisory": "GHSA-qccp-gfcp-xxvc",
"discovery": "UNKNOWN"
},
"title": "urllib3: Sensitive headers forwarded across origins in proxied low-level redirects"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44431",
"datePublished": "2026-05-13T15:20:24.588Z",
"dateReserved": "2026-05-06T14:40:00.954Z",
"dateUpdated": "2026-05-13T17:17:07.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-44431",
"date": "2026-06-24",
"epss": "0.00483",
"percentile": "0.37887"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-44431\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-13T16:16:57.150\",\"lastModified\":\"2026-05-14T13:56:27.263\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:urllib3:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.23\",\"versionEndExcluding\":\"2.7.0\",\"matchCriteriaId\":\"FEC8DBA3-7985-45C5-A453-F83EC4BD18DA\"}]}]}],\"references\":[{\"url\":\"https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-44431\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-13T16:51:26.677054Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-13T17:15:24.639Z\"}}], \"cna\": {\"title\": \"urllib3: Sensitive headers forwarded across origins in proxied low-level redirects\", \"source\": {\"advisory\": \"GHSA-qccp-gfcp-xxvc\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"urllib3\", \"product\": \"urllib3\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 1.23, \u003c 2.7.0\"}]}], \"references\": [{\"url\": \"https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\", \"name\": \"https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200: Exposure of Sensitive Information to an Unauthorized Actor\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-13T15:20:24.588Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-44431\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-13T17:17:07.339Z\", \"dateReserved\": \"2026-05-06T14:40:00.954Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-05-13T15:20:24.588Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
PYSEC-2026-141
Vulnerability from pysec - Published: 2026-05-13 16:16 - Updated: 2026-05-20 09:19
VLAI
Details
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.
Severity
5.3 (Medium)
Impacted products
| Name | purl | urllib3 | pkg:pypi/urllib3 |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "urllib3",
"purl": "pkg:pypi/urllib3"
},
"ranges": [
{
"events": [
{
"introduced": "1.23"
},
{
"fixed": "2.7.0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.23",
"1.24",
"1.24.1",
"1.24.2",
"1.24.3",
"1.25",
"1.25.1",
"1.25.10",
"1.25.11",
"1.25.2",
"1.25.3",
"1.25.4",
"1.25.5",
"1.25.6",
"1.25.7",
"1.25.8",
"1.25.9",
"1.26.0",
"1.26.1",
"1.26.10",
"1.26.11",
"1.26.12",
"1.26.13",
"1.26.14",
"1.26.15",
"1.26.16",
"1.26.17",
"1.26.18",
"1.26.19",
"1.26.2",
"1.26.20",
"1.26.3",
"1.26.4",
"1.26.5",
"1.26.6",
"1.26.7",
"1.26.8",
"1.26.9",
"2.0.0",
"2.0.0a1",
"2.0.0a2",
"2.0.0a3",
"2.0.0a4",
"2.0.1",
"2.0.2",
"2.0.3",
"2.0.4",
"2.0.5",
"2.0.6",
"2.0.7",
"2.1.0",
"2.2.0",
"2.2.1",
"2.2.2",
"2.2.3",
"2.3.0",
"2.4.0",
"2.5.0",
"2.6.0",
"2.6.1",
"2.6.2",
"2.6.3"
]
}
],
"aliases": [
"CVE-2026-44431",
"GHSA-qccp-gfcp-xxvc"
],
"details": "urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.",
"id": "PYSEC-2026-141",
"modified": "2026-05-20T09:19:20.983812Z",
"published": "2026-05-13T16:16:57.150Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
RHSA-2026:24009
Vulnerability from csaf_redhat - Published: 2026-06-07 01:05 - Updated: 2026-06-23 21:53Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Important
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs:
python-urllib3:
* python3-urllib3+brotli-2.7.0-3.hum1 (noarch)
* python3-urllib3+h2-2.7.0-3.hum1 (noarch)
* python3-urllib3+socks-2.7.0-3.hum1 (noarch)
* python3-urllib3+zstd-2.7.0-3.hum1 (noarch)
* python3-urllib3-2.7.0-3.hum1 (noarch)
* python-urllib3-2.7.0-3.hum1.src (src)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.
5.9 (Medium)
Affected products
Threats
Impact
Moderate
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
7.5 (High)
Affected products
Threats
Impact
Important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\npython-urllib3:\n * python3-urllib3+brotli-2.7.0-3.hum1 (noarch)\n * python3-urllib3+h2-2.7.0-3.hum1 (noarch)\n * python3-urllib3+socks-2.7.0-3.hum1 (noarch)\n * python3-urllib3+zstd-2.7.0-3.hum1 (noarch)\n * python3-urllib3-2.7.0-3.hum1 (noarch)\n * python-urllib3-2.7.0-3.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:24009",
"url": "https://access.redhat.com/errata/RHSA-2026:24009"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44431",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_24009.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-06-23T21:53:16+00:00",
"generator": {
"date": "2026-06-23T21:53:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:24009",
"initial_release_date": "2026-06-07T01:05:03+00:00",
"revision_history": [
{
"date": "2026-06-07T01:05:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-18T13:19:19+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-23T21:53:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "python-urllib3-main@src",
"product": {
"name": "python-urllib3-main@src",
"product_id": "python-urllib3-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-urllib3@2.7.0-3.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python-urllib3-main@noarch",
"product": {
"name": "python-urllib3-main@noarch",
"product_id": "python-urllib3-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-urllib3+brotli@2.7.0-3.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-urllib3-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:python-urllib3-main@noarch"
},
"product_reference": "python-urllib3-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-urllib3-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:python-urllib3-main@src"
},
"product_reference": "python-urllib3-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44431",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-05-13T17:01:41.663622+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python-urllib3-main@noarch",
"Red Hat Hardened Images:python-urllib3-main@src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "RHBZ#2477167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
}
],
"release_date": "2026-05-13T15:20:24.588000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-07T01:05:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python-urllib3-main@noarch",
"Red Hat Hardened Images:python-urllib3-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24009"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python-urllib3-main@noarch",
"Red Hat Hardened Images:python-urllib3-main@src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:python-urllib3-main@noarch",
"Red Hat Hardened Images:python-urllib3-main@src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-07T01:05:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:python-urllib3-main@noarch",
"Red Hat Hardened Images:python-urllib3-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24009"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:python-urllib3-main@noarch",
"Red Hat Hardened Images:python-urllib3-main@src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
}
]
}
RHSA-2026:24483
Vulnerability from csaf_redhat - Published: 2026-06-08 13:12 - Updated: 2026-06-23 21:53Summary
Red Hat Security Advisory: RHTAS 1.4 - GA Release of Model Transparency 1.0.1
Severity
Important
Notes
Topic: The GA release of the RHTAS Model Transparency CLI image.
For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4
Details: The RHTAS Model Transparency CLI image can be used to sign and verify AI/ML workloads
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in pyasn1, a generic ASN.1 library for Python. A remote attacker could exploit this vulnerability by sending a specially crafted RELATIVE-OID with excessive continuation octets. This input validation vulnerability leads to memory exhaustion, resulting in a Denial of Service (DoS) for the affected system.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.
7.3 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.
5.9 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
33 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The GA release of the RHTAS Model Transparency CLI image.\nFor more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4",
"title": "Topic"
},
{
"category": "general",
"text": "The RHTAS Model Transparency CLI image can be used to sign and verify AI/ML workloads",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:24483",
"url": "https://access.redhat.com/errata/RHSA-2026:24483"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-23490",
"url": "https://access.redhat.com/security/cve/CVE-2026-23490"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39892",
"url": "https://access.redhat.com/security/cve/CVE-2026-39892"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44431",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_24483.json"
}
],
"title": "Red Hat Security Advisory: RHTAS 1.4 - GA Release of Model Transparency 1.0.1",
"tracking": {
"current_release_date": "2026-06-23T21:53:18+00:00",
"generator": {
"date": "2026-06-23T21:53:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:24483",
"initial_release_date": "2026-06-08T13:12:26+00:00",
"revision_history": [
{
"date": "2026-06-08T13:12:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-08T13:12:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-23T21:53:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Trusted Artifact Signer 1.4",
"product": {
"name": "Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:trusted_artifact_signer:1.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Trusted Artifact Signer"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"product": {
"name": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"product_id": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/model-transparency-rhel9@sha256%3A1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7?arch=amd64\u0026repository_url=registry.redhat.io/rhtas/model-transparency-rhel9\u0026tag=1780914886"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64",
"product": {
"name": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64",
"product_id": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/model-transparency-rhel9@sha256%3A88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e?arch=arm64\u0026repository_url=registry.redhat.io/rhtas/model-transparency-rhel9\u0026tag=1780914886"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64 as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64"
},
"product_reference": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64 as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
},
"product_reference": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-23490",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-16T20:03:33.790513+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430472"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pyasn1, a generic ASN.1 library for Python. A remote attacker could exploit this vulnerability by sending a specially crafted RELATIVE-OID with excessive continuation octets. This input validation vulnerability leads to memory exhaustion, resulting in a Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-23490"
},
{
"category": "external",
"summary": "RHBZ#2430472",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430472"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-23490",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23490"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-23490",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23490"
},
{
"category": "external",
"summary": "https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970",
"url": "https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970"
},
{
"category": "external",
"summary": "https://github.com/pyasn1/pyasn1/releases/tag/v0.6.2",
"url": "https://github.com/pyasn1/pyasn1/releases/tag/v0.6.2"
},
{
"category": "external",
"summary": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq",
"url": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq"
}
],
"release_date": "2026-01-16T19:03:36.442000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T13:12:26+00:00",
"details": "The Model Transparency CLI Image is a containerized command-line tool for signing and verifying AI/ML workloads against a private Red Hat Trusted Artifact Signer (RHTAS) instance. It lets teams create signatures and attestations for model artifacts and validate them at build or deploy time using enterprise trust material (e.g., Fulcio/Rekor).\n\nFor details on using the Model Transparency CLI image, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24483"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID"
},
{
"cve": "CVE-2026-39892",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-08T22:00:59.416053+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456735"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In default configurations Red Hat products isolate service processes from total system access. Should an attacker be able to exploit this vulnerability their impact will be limited to that service account and they will not have access to the broader system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39892"
},
{
"category": "external",
"summary": "RHBZ#2456735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/08/12",
"url": "http://www.openwall.com/lists/oss-security/2026/04/08/12"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5",
"url": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq"
}
],
"release_date": "2026-04-08T20:49:41.967000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T13:12:26+00:00",
"details": "The Model Transparency CLI Image is a containerized command-line tool for signing and verifying AI/ML workloads against a private Red Hat Trusted Artifact Signer (RHTAS) instance. It lets teams create signatures and attestations for model artifacts and validate them at build or deploy time using enterprise trust material (e.g., Fulcio/Rekor).\n\nFor details on using the Model Transparency CLI image, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24483"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API"
},
{
"cve": "CVE-2026-44431",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-05-13T17:01:41.663622+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "RHBZ#2477167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
}
],
"release_date": "2026-05-13T15:20:24.588000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T13:12:26+00:00",
"details": "The Model Transparency CLI Image is a containerized command-line tool for signing and verifying AI/ML workloads against a private Red Hat Trusted Artifact Signer (RHTAS) instance. It lets teams create signatures and attestations for model artifacts and validate them at build or deploy time using enterprise trust material (e.g., Fulcio/Rekor).\n\nFor details on using the Model Transparency CLI image, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24483"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T13:12:26+00:00",
"details": "The Model Transparency CLI Image is a containerized command-line tool for signing and verifying AI/ML workloads against a private Red Hat Trusted Artifact Signer (RHTAS) instance. It lets teams create signatures and attestations for model artifacts and validate them at build or deploy time using enterprise trust material (e.g., Fulcio/Rekor).\n\nFor details on using the Model Transparency CLI image, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24483"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
}
]
}
RHSA-2026:24540
Vulnerability from csaf_redhat - Published: 2026-06-08 17:50 - Updated: 2026-06-23 21:53Summary
Red Hat Security Advisory: Red Hat AI Inference 3.4.1 (cpu)
Severity
Important
Notes
Topic: Red Hat AI Inference 3.4.1 (cpu) is now available.
Details: Red Hat AI Inference
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.
5.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cpu-rhel9@sha256:a1ec87fc11e84aff94af69fe92827d7a708b78792bce052615fb3c4bf1fc0bef_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cpu-rhel9@sha256:a1ec87fc11e84aff94af69fe92827d7a708b78792bce052615fb3c4bf1fc0bef_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AI Inference 3.4.1 (cpu) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat AI Inference",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:24540",
"url": "https://access.redhat.com/errata/RHSA-2026:24540"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44431",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/products/ai/inference-server",
"url": "https://www.redhat.com/en/products/ai/inference-server"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_24540.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AI Inference 3.4.1 (cpu)",
"tracking": {
"current_release_date": "2026-06-23T21:53:18+00:00",
"generator": {
"date": "2026-06-23T21:53:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:24540",
"initial_release_date": "2026-06-08T17:50:14+00:00",
"revision_history": [
{
"date": "2026-06-08T17:50:14+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-08T17:50:25+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-23T21:53:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AI Inference Server 3.4",
"product": {
"name": "Red Hat AI Inference Server 3.4",
"product_id": "Red Hat AI Inference Server 3.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ai_inference_server:3.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat AI Inference Server"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaii/vllm-cpu-rhel9@sha256:a1ec87fc11e84aff94af69fe92827d7a708b78792bce052615fb3c4bf1fc0bef_amd64",
"product": {
"name": "registry.redhat.io/rhaii/vllm-cpu-rhel9@sha256:a1ec87fc11e84aff94af69fe92827d7a708b78792bce052615fb3c4bf1fc0bef_amd64",
"product_id": "registry.redhat.io/rhaii/vllm-cpu-rhel9@sha256:a1ec87fc11e84aff94af69fe92827d7a708b78792bce052615fb3c4bf1fc0bef_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vllm-cpu-rhel9@sha256%3Aa1ec87fc11e84aff94af69fe92827d7a708b78792bce052615fb3c4bf1fc0bef?arch=amd64\u0026repository_url=registry.redhat.io/rhaii/vllm-cpu-rhel9\u0026tag=1780356811"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaii/vllm-cpu-rhel9@sha256:a1ec87fc11e84aff94af69fe92827d7a708b78792bce052615fb3c4bf1fc0bef_amd64 as a component of Red Hat AI Inference Server 3.4",
"product_id": "Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cpu-rhel9@sha256:a1ec87fc11e84aff94af69fe92827d7a708b78792bce052615fb3c4bf1fc0bef_amd64"
},
"product_reference": "registry.redhat.io/rhaii/vllm-cpu-rhel9@sha256:a1ec87fc11e84aff94af69fe92827d7a708b78792bce052615fb3c4bf1fc0bef_amd64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44431",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-05-13T17:01:41.663622+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cpu-rhel9@sha256:a1ec87fc11e84aff94af69fe92827d7a708b78792bce052615fb3c4bf1fc0bef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "RHBZ#2477167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
}
],
"release_date": "2026-05-13T15:20:24.588000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T17:50:14+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:24540",
"product_ids": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cpu-rhel9@sha256:a1ec87fc11e84aff94af69fe92827d7a708b78792bce052615fb3c4bf1fc0bef_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cpu-rhel9@sha256:a1ec87fc11e84aff94af69fe92827d7a708b78792bce052615fb3c4bf1fc0bef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cpu-rhel9@sha256:a1ec87fc11e84aff94af69fe92827d7a708b78792bce052615fb3c4bf1fc0bef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T17:50:14+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:24540",
"product_ids": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cpu-rhel9@sha256:a1ec87fc11e84aff94af69fe92827d7a708b78792bce052615fb3c4bf1fc0bef_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cpu-rhel9@sha256:a1ec87fc11e84aff94af69fe92827d7a708b78792bce052615fb3c4bf1fc0bef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
}
]
}
RHSA-2026:24541
Vulnerability from csaf_redhat - Published: 2026-06-08 17:51 - Updated: 2026-06-23 21:53Summary
Red Hat Security Advisory: Red Hat AI Inference 3.4.1 (spyre)
Severity
Important
Notes
Topic: Red Hat AI Inference 3.4.1 (spyre) is now available.
Details: Red Hat AI Inference
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.
5.9 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:a89b09f6ec94078c599339b7feee9a0ddfc8048b748169310ed03f4c652d11f8_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:e12e1c6d65d4b41e530057a37765f36afcfa4e1cf85996bb4ebe13cef713b7d3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:f4aa279db2108029bfd1aa1329bccb7144a166fccbbc1d670494f2106d847691_ppc64le | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:a89b09f6ec94078c599339b7feee9a0ddfc8048b748169310ed03f4c652d11f8_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:e12e1c6d65d4b41e530057a37765f36afcfa4e1cf85996bb4ebe13cef713b7d3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:f4aa279db2108029bfd1aa1329bccb7144a166fccbbc1d670494f2106d847691_ppc64le | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AI Inference 3.4.1 (spyre) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat AI Inference",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:24541",
"url": "https://access.redhat.com/errata/RHSA-2026:24541"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44431",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/products/ai/inference-server",
"url": "https://www.redhat.com/en/products/ai/inference-server"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_24541.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AI Inference 3.4.1 (spyre)",
"tracking": {
"current_release_date": "2026-06-23T21:53:19+00:00",
"generator": {
"date": "2026-06-23T21:53:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:24541",
"initial_release_date": "2026-06-08T17:51:10+00:00",
"revision_history": [
{
"date": "2026-06-08T17:51:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-08T17:51:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-23T21:53:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AI Inference Server 3.4",
"product": {
"name": "Red Hat AI Inference Server 3.4",
"product_id": "Red Hat AI Inference Server 3.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ai_inference_server:3.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat AI Inference Server"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:f4aa279db2108029bfd1aa1329bccb7144a166fccbbc1d670494f2106d847691_ppc64le",
"product": {
"name": "registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:f4aa279db2108029bfd1aa1329bccb7144a166fccbbc1d670494f2106d847691_ppc64le",
"product_id": "registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:f4aa279db2108029bfd1aa1329bccb7144a166fccbbc1d670494f2106d847691_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/vllm-spyre-rhel9@sha256%3Af4aa279db2108029bfd1aa1329bccb7144a166fccbbc1d670494f2106d847691?arch=ppc64le\u0026repository_url=registry.redhat.io/rhaii/vllm-spyre-rhel9\u0026tag=1780356904"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:a89b09f6ec94078c599339b7feee9a0ddfc8048b748169310ed03f4c652d11f8_s390x",
"product": {
"name": "registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:a89b09f6ec94078c599339b7feee9a0ddfc8048b748169310ed03f4c652d11f8_s390x",
"product_id": "registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:a89b09f6ec94078c599339b7feee9a0ddfc8048b748169310ed03f4c652d11f8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/vllm-spyre-rhel9@sha256%3Aa89b09f6ec94078c599339b7feee9a0ddfc8048b748169310ed03f4c652d11f8?arch=s390x\u0026repository_url=registry.redhat.io/rhaii/vllm-spyre-rhel9\u0026tag=1780356904"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:e12e1c6d65d4b41e530057a37765f36afcfa4e1cf85996bb4ebe13cef713b7d3_amd64",
"product": {
"name": "registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:e12e1c6d65d4b41e530057a37765f36afcfa4e1cf85996bb4ebe13cef713b7d3_amd64",
"product_id": "registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:e12e1c6d65d4b41e530057a37765f36afcfa4e1cf85996bb4ebe13cef713b7d3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vllm-spyre-rhel9@sha256%3Ae12e1c6d65d4b41e530057a37765f36afcfa4e1cf85996bb4ebe13cef713b7d3?arch=amd64\u0026repository_url=registry.redhat.io/rhaii/vllm-spyre-rhel9\u0026tag=1780356904"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:a89b09f6ec94078c599339b7feee9a0ddfc8048b748169310ed03f4c652d11f8_s390x as a component of Red Hat AI Inference Server 3.4",
"product_id": "Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:a89b09f6ec94078c599339b7feee9a0ddfc8048b748169310ed03f4c652d11f8_s390x"
},
"product_reference": "registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:a89b09f6ec94078c599339b7feee9a0ddfc8048b748169310ed03f4c652d11f8_s390x",
"relates_to_product_reference": "Red Hat AI Inference Server 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:e12e1c6d65d4b41e530057a37765f36afcfa4e1cf85996bb4ebe13cef713b7d3_amd64 as a component of Red Hat AI Inference Server 3.4",
"product_id": "Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:e12e1c6d65d4b41e530057a37765f36afcfa4e1cf85996bb4ebe13cef713b7d3_amd64"
},
"product_reference": "registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:e12e1c6d65d4b41e530057a37765f36afcfa4e1cf85996bb4ebe13cef713b7d3_amd64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:f4aa279db2108029bfd1aa1329bccb7144a166fccbbc1d670494f2106d847691_ppc64le as a component of Red Hat AI Inference Server 3.4",
"product_id": "Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:f4aa279db2108029bfd1aa1329bccb7144a166fccbbc1d670494f2106d847691_ppc64le"
},
"product_reference": "registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:f4aa279db2108029bfd1aa1329bccb7144a166fccbbc1d670494f2106d847691_ppc64le",
"relates_to_product_reference": "Red Hat AI Inference Server 3.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44431",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-05-13T17:01:41.663622+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:a89b09f6ec94078c599339b7feee9a0ddfc8048b748169310ed03f4c652d11f8_s390x",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:e12e1c6d65d4b41e530057a37765f36afcfa4e1cf85996bb4ebe13cef713b7d3_amd64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:f4aa279db2108029bfd1aa1329bccb7144a166fccbbc1d670494f2106d847691_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "RHBZ#2477167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
}
],
"release_date": "2026-05-13T15:20:24.588000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T17:51:10+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:24541",
"product_ids": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:a89b09f6ec94078c599339b7feee9a0ddfc8048b748169310ed03f4c652d11f8_s390x",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:e12e1c6d65d4b41e530057a37765f36afcfa4e1cf85996bb4ebe13cef713b7d3_amd64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:f4aa279db2108029bfd1aa1329bccb7144a166fccbbc1d670494f2106d847691_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24541"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:a89b09f6ec94078c599339b7feee9a0ddfc8048b748169310ed03f4c652d11f8_s390x",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:e12e1c6d65d4b41e530057a37765f36afcfa4e1cf85996bb4ebe13cef713b7d3_amd64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:f4aa279db2108029bfd1aa1329bccb7144a166fccbbc1d670494f2106d847691_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:a89b09f6ec94078c599339b7feee9a0ddfc8048b748169310ed03f4c652d11f8_s390x",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:e12e1c6d65d4b41e530057a37765f36afcfa4e1cf85996bb4ebe13cef713b7d3_amd64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:f4aa279db2108029bfd1aa1329bccb7144a166fccbbc1d670494f2106d847691_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T17:51:10+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:24541",
"product_ids": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:a89b09f6ec94078c599339b7feee9a0ddfc8048b748169310ed03f4c652d11f8_s390x",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:e12e1c6d65d4b41e530057a37765f36afcfa4e1cf85996bb4ebe13cef713b7d3_amd64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:f4aa279db2108029bfd1aa1329bccb7144a166fccbbc1d670494f2106d847691_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24541"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:a89b09f6ec94078c599339b7feee9a0ddfc8048b748169310ed03f4c652d11f8_s390x",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:e12e1c6d65d4b41e530057a37765f36afcfa4e1cf85996bb4ebe13cef713b7d3_amd64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:f4aa279db2108029bfd1aa1329bccb7144a166fccbbc1d670494f2106d847691_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
}
]
}
RHSA-2026:24542
Vulnerability from csaf_redhat - Published: 2026-06-08 17:51 - Updated: 2026-06-23 21:53Summary
Red Hat Security Advisory: Red Hat AI Inference Model Optimization Tools 3.4.1 (cuda)
Severity
Important
Notes
Topic: Red Hat AI Inference Model Optimization Tools 3.4.1 (cuda) is now available.
Details: Red Hat AI Inference Model Optimization Tools
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.
5.9 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:4ebb2714d965c93f532eb68f6a0425387e821c84684d80abd176c555892d7469_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:7f19c82fb04f5d9ac59cfd84ae8a60da85ca53f122ec72088be648b335b78935_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:4ebb2714d965c93f532eb68f6a0425387e821c84684d80abd176c555892d7469_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:7f19c82fb04f5d9ac59cfd84ae8a60da85ca53f122ec72088be648b335b78935_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AI Inference Model Optimization Tools 3.4.1 (cuda) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat AI Inference Model Optimization Tools",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:24542",
"url": "https://access.redhat.com/errata/RHSA-2026:24542"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44431",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/products/ai/inference-server",
"url": "https://www.redhat.com/en/products/ai/inference-server"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_24542.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AI Inference Model Optimization Tools 3.4.1 (cuda)",
"tracking": {
"current_release_date": "2026-06-23T21:53:23+00:00",
"generator": {
"date": "2026-06-23T21:53:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:24542",
"initial_release_date": "2026-06-08T17:51:20+00:00",
"revision_history": [
{
"date": "2026-06-08T17:51:20+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-08T17:51:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-23T21:53:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AI Inference Server 3.4",
"product": {
"name": "Red Hat AI Inference Server 3.4",
"product_id": "Red Hat AI Inference Server 3.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ai_inference_server:3.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat AI Inference Server"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:7f19c82fb04f5d9ac59cfd84ae8a60da85ca53f122ec72088be648b335b78935_amd64",
"product": {
"name": "registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:7f19c82fb04f5d9ac59cfd84ae8a60da85ca53f122ec72088be648b335b78935_amd64",
"product_id": "registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:7f19c82fb04f5d9ac59cfd84ae8a60da85ca53f122ec72088be648b335b78935_amd64",
"product_identification_helper": {
"purl": "pkg:oci/model-opt-cuda-rhel9@sha256%3A7f19c82fb04f5d9ac59cfd84ae8a60da85ca53f122ec72088be648b335b78935?arch=amd64\u0026repository_url=registry.redhat.io/rhaii/model-opt-cuda-rhel9\u0026tag=1780356941"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:4ebb2714d965c93f532eb68f6a0425387e821c84684d80abd176c555892d7469_arm64",
"product": {
"name": "registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:4ebb2714d965c93f532eb68f6a0425387e821c84684d80abd176c555892d7469_arm64",
"product_id": "registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:4ebb2714d965c93f532eb68f6a0425387e821c84684d80abd176c555892d7469_arm64",
"product_identification_helper": {
"purl": "pkg:oci/model-opt-cuda-rhel9@sha256%3A4ebb2714d965c93f532eb68f6a0425387e821c84684d80abd176c555892d7469?arch=arm64\u0026repository_url=registry.redhat.io/rhaii/model-opt-cuda-rhel9\u0026tag=1780356941"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:4ebb2714d965c93f532eb68f6a0425387e821c84684d80abd176c555892d7469_arm64 as a component of Red Hat AI Inference Server 3.4",
"product_id": "Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:4ebb2714d965c93f532eb68f6a0425387e821c84684d80abd176c555892d7469_arm64"
},
"product_reference": "registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:4ebb2714d965c93f532eb68f6a0425387e821c84684d80abd176c555892d7469_arm64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:7f19c82fb04f5d9ac59cfd84ae8a60da85ca53f122ec72088be648b335b78935_amd64 as a component of Red Hat AI Inference Server 3.4",
"product_id": "Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:7f19c82fb04f5d9ac59cfd84ae8a60da85ca53f122ec72088be648b335b78935_amd64"
},
"product_reference": "registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:7f19c82fb04f5d9ac59cfd84ae8a60da85ca53f122ec72088be648b335b78935_amd64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44431",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-05-13T17:01:41.663622+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:4ebb2714d965c93f532eb68f6a0425387e821c84684d80abd176c555892d7469_arm64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:7f19c82fb04f5d9ac59cfd84ae8a60da85ca53f122ec72088be648b335b78935_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "RHBZ#2477167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
}
],
"release_date": "2026-05-13T15:20:24.588000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T17:51:20+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:24542",
"product_ids": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:4ebb2714d965c93f532eb68f6a0425387e821c84684d80abd176c555892d7469_arm64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:7f19c82fb04f5d9ac59cfd84ae8a60da85ca53f122ec72088be648b335b78935_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24542"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:4ebb2714d965c93f532eb68f6a0425387e821c84684d80abd176c555892d7469_arm64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:7f19c82fb04f5d9ac59cfd84ae8a60da85ca53f122ec72088be648b335b78935_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:4ebb2714d965c93f532eb68f6a0425387e821c84684d80abd176c555892d7469_arm64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:7f19c82fb04f5d9ac59cfd84ae8a60da85ca53f122ec72088be648b335b78935_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T17:51:20+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:24542",
"product_ids": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:4ebb2714d965c93f532eb68f6a0425387e821c84684d80abd176c555892d7469_arm64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:7f19c82fb04f5d9ac59cfd84ae8a60da85ca53f122ec72088be648b335b78935_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24542"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:4ebb2714d965c93f532eb68f6a0425387e821c84684d80abd176c555892d7469_arm64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:7f19c82fb04f5d9ac59cfd84ae8a60da85ca53f122ec72088be648b335b78935_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
}
]
}
RHSA-2026:24544
Vulnerability from csaf_redhat - Published: 2026-06-08 17:52 - Updated: 2026-06-23 21:53Summary
Red Hat Security Advisory: Red Hat AI Inference 3.4.1 (cuda)
Severity
Important
Notes
Topic: Red Hat AI Inference 3.4.1 (cuda) is now available.
Details: Red Hat AI Inference
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.
5.9 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:3c71d1adbb5d811a19c04d1d4d907d0a67fd671dd5c3638d2f8ed5ad363192e0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:6ce25732de012437b2087e37cffdc6aff2480aed1940591e00d7c65395d11c50_arm64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:3c71d1adbb5d811a19c04d1d4d907d0a67fd671dd5c3638d2f8ed5ad363192e0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:6ce25732de012437b2087e37cffdc6aff2480aed1940591e00d7c65395d11c50_arm64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AI Inference 3.4.1 (cuda) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat AI Inference",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:24544",
"url": "https://access.redhat.com/errata/RHSA-2026:24544"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44431",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/products/ai/inference-server",
"url": "https://www.redhat.com/en/products/ai/inference-server"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_24544.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AI Inference 3.4.1 (cuda)",
"tracking": {
"current_release_date": "2026-06-23T21:53:20+00:00",
"generator": {
"date": "2026-06-23T21:53:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:24544",
"initial_release_date": "2026-06-08T17:52:59+00:00",
"revision_history": [
{
"date": "2026-06-08T17:52:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-08T17:53:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-23T21:53:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AI Inference Server 3.4",
"product": {
"name": "Red Hat AI Inference Server 3.4",
"product_id": "Red Hat AI Inference Server 3.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ai_inference_server:3.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat AI Inference Server"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:3c71d1adbb5d811a19c04d1d4d907d0a67fd671dd5c3638d2f8ed5ad363192e0_amd64",
"product": {
"name": "registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:3c71d1adbb5d811a19c04d1d4d907d0a67fd671dd5c3638d2f8ed5ad363192e0_amd64",
"product_id": "registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:3c71d1adbb5d811a19c04d1d4d907d0a67fd671dd5c3638d2f8ed5ad363192e0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vllm-cuda-rhel9@sha256%3A3c71d1adbb5d811a19c04d1d4d907d0a67fd671dd5c3638d2f8ed5ad363192e0?arch=amd64\u0026repository_url=registry.redhat.io/rhaii/vllm-cuda-rhel9\u0026tag=1780356914"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:6ce25732de012437b2087e37cffdc6aff2480aed1940591e00d7c65395d11c50_arm64",
"product": {
"name": "registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:6ce25732de012437b2087e37cffdc6aff2480aed1940591e00d7c65395d11c50_arm64",
"product_id": "registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:6ce25732de012437b2087e37cffdc6aff2480aed1940591e00d7c65395d11c50_arm64",
"product_identification_helper": {
"purl": "pkg:oci/vllm-cuda-rhel9@sha256%3A6ce25732de012437b2087e37cffdc6aff2480aed1940591e00d7c65395d11c50?arch=arm64\u0026repository_url=registry.redhat.io/rhaii/vllm-cuda-rhel9\u0026tag=1780356914"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:3c71d1adbb5d811a19c04d1d4d907d0a67fd671dd5c3638d2f8ed5ad363192e0_amd64 as a component of Red Hat AI Inference Server 3.4",
"product_id": "Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:3c71d1adbb5d811a19c04d1d4d907d0a67fd671dd5c3638d2f8ed5ad363192e0_amd64"
},
"product_reference": "registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:3c71d1adbb5d811a19c04d1d4d907d0a67fd671dd5c3638d2f8ed5ad363192e0_amd64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:6ce25732de012437b2087e37cffdc6aff2480aed1940591e00d7c65395d11c50_arm64 as a component of Red Hat AI Inference Server 3.4",
"product_id": "Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:6ce25732de012437b2087e37cffdc6aff2480aed1940591e00d7c65395d11c50_arm64"
},
"product_reference": "registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:6ce25732de012437b2087e37cffdc6aff2480aed1940591e00d7c65395d11c50_arm64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44431",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-05-13T17:01:41.663622+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:3c71d1adbb5d811a19c04d1d4d907d0a67fd671dd5c3638d2f8ed5ad363192e0_amd64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:6ce25732de012437b2087e37cffdc6aff2480aed1940591e00d7c65395d11c50_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "RHBZ#2477167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
}
],
"release_date": "2026-05-13T15:20:24.588000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T17:52:59+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:24544",
"product_ids": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:3c71d1adbb5d811a19c04d1d4d907d0a67fd671dd5c3638d2f8ed5ad363192e0_amd64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:6ce25732de012437b2087e37cffdc6aff2480aed1940591e00d7c65395d11c50_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24544"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:3c71d1adbb5d811a19c04d1d4d907d0a67fd671dd5c3638d2f8ed5ad363192e0_amd64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:6ce25732de012437b2087e37cffdc6aff2480aed1940591e00d7c65395d11c50_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:3c71d1adbb5d811a19c04d1d4d907d0a67fd671dd5c3638d2f8ed5ad363192e0_amd64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:6ce25732de012437b2087e37cffdc6aff2480aed1940591e00d7c65395d11c50_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T17:52:59+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:24544",
"product_ids": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:3c71d1adbb5d811a19c04d1d4d907d0a67fd671dd5c3638d2f8ed5ad363192e0_amd64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:6ce25732de012437b2087e37cffdc6aff2480aed1940591e00d7c65395d11c50_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24544"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:3c71d1adbb5d811a19c04d1d4d907d0a67fd671dd5c3638d2f8ed5ad363192e0_amd64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:6ce25732de012437b2087e37cffdc6aff2480aed1940591e00d7c65395d11c50_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
}
]
}
RHSA-2026:25039
Vulnerability from csaf_redhat - Published: 2026-06-10 09:34 - Updated: 2026-06-23 21:53Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Important
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs:
jaeger:
* jaeger-2.19.0-1.hum1 (aarch64, x86_64)
* jaeger-2.19.0-1.hum1.src (src)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.
5.9 (Medium)
Affected products
Fixed
3 products
Threats
Impact
Moderate
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
7.5 (High)
Affected products
Fixed
3 products
Threats
Impact
Important
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\njaeger:\n * jaeger-2.19.0-1.hum1 (aarch64, x86_64)\n * jaeger-2.19.0-1.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:25039",
"url": "https://access.redhat.com/errata/RHSA-2026:25039"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48990",
"url": "https://access.redhat.com/security/cve/CVE-2026-48990"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44431",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_25039.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-06-23T21:53:20+00:00",
"generator": {
"date": "2026-06-23T21:53:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:25039",
"initial_release_date": "2026-06-10T09:34:54+00:00",
"revision_history": [
{
"date": "2026-06-10T09:34:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-18T13:19:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-23T21:53:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "jaeger-main@aarch64",
"product": {
"name": "jaeger-main@aarch64",
"product_id": "jaeger-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jaeger@2.19.0-1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "jaeger-main@src",
"product": {
"name": "jaeger-main@src",
"product_id": "jaeger-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jaeger@2.19.0-1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jaeger-main@x86_64",
"product": {
"name": "jaeger-main@x86_64",
"product_id": "jaeger-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jaeger@2.19.0-1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jaeger-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:jaeger-main@aarch64"
},
"product_reference": "jaeger-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jaeger-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:jaeger-main@src"
},
"product_reference": "jaeger-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jaeger-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:jaeger-main@x86_64"
},
"product_reference": "jaeger-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44431",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-05-13T17:01:41.663622+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:jaeger-main@aarch64",
"Red Hat Hardened Images:jaeger-main@src",
"Red Hat Hardened Images:jaeger-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "RHBZ#2477167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
}
],
"release_date": "2026-05-13T15:20:24.588000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:jaeger-main@aarch64",
"Red Hat Hardened Images:jaeger-main@src",
"Red Hat Hardened Images:jaeger-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25039"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:jaeger-main@aarch64",
"Red Hat Hardened Images:jaeger-main@src",
"Red Hat Hardened Images:jaeger-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:jaeger-main@aarch64",
"Red Hat Hardened Images:jaeger-main@src",
"Red Hat Hardened Images:jaeger-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:jaeger-main@aarch64",
"Red Hat Hardened Images:jaeger-main@src",
"Red Hat Hardened Images:jaeger-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25039"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:jaeger-main@aarch64",
"Red Hat Hardened Images:jaeger-main@src",
"Red Hat Hardened Images:jaeger-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
}
]
}
RHSA-2026:25928
Vulnerability from csaf_redhat - Published: 2026-06-15 08:51 - Updated: 2026-06-23 21:53Summary
Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.7 Container Release Update
Severity
Important
Notes
Topic: An update is now available for Red Hat Ansible Automation Platform 2.7
Details: Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.
For details about this release, refer to the release notes listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth (Open Authorization) access token before a user logs out, they can continue to authenticate and access sensitive data. This is because the application fails to invalidate the token on the backend, leaving it valid until its natural expiration. This can lead to unauthorized read access to Ansible resources such as inventories, playbooks, and configuration data.
5.3 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.
5.9 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64 | — |
Vendor Fix
fix
|
Known not affected
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64 | — |
Threats
Impact
Moderate
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64 | — |
Vendor Fix
fix
|
Known not affected
56 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64 | — |
Threats
Impact
Important
A flaw was found in PyJWT, a Python library for JSON Web Token (JWT) implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys (JWK) in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer's public key as the secret key for the HMAC algorithm, leading to the ability to forge JWTs. This vulnerability can result in authentication bypass or unauthorized access.
7.4 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64 | — |
Vendor Fix
fix
|
Known not affected
50 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64 | — |
Threats
Impact
Important
References
27 references
Acknowledgments
Red Hat Inc.
Laura Pardo
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Ansible Automation Platform 2.7",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.\n\nFor details about this release, refer to the release notes listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:25928",
"url": "https://access.redhat.com/errata/RHSA-2026:25928"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44188",
"url": "https://access.redhat.com/security/cve/CVE-2026-44188"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44431",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48526",
"url": "https://access.redhat.com/security/cve/CVE-2026-48526"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.7/whats_new-async_updates",
"url": "https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.7/whats_new-async_updates"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_25928.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.7 Container Release Update",
"tracking": {
"current_release_date": "2026-06-23T21:53:22+00:00",
"generator": {
"date": "2026-06-23T21:53:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:25928",
"initial_release_date": "2026-06-15T08:51:13+00:00",
"revision_history": [
{
"date": "2026-06-15T08:51:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-15T08:51:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-23T21:53:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.7",
"product": {
"name": "Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.7::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Automation Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/platform-operator-bundle@sha256%3A8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform/platform-operator-bundle\u0026tag=1781122716"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcp-server-rhel9@sha256%3A7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9\u0026tag=1780741250"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/aap-must-gather-rhel9@sha256%3A51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9\u0026tag=1780676763"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/platform-operator-bundle@sha256%3A32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform/platform-operator-bundle\u0026tag=1781122716"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-builder-rhel9@sha256%3A0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9\u0026tag=1781101539"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-devspaces-rhel9@sha256%3Aa6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9\u0026tag=1781112811"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-dev-tools-rhel9@sha256%3Aa8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9\u0026tag=1780676633"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-chatbot-rhel9@sha256%3A2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9\u0026tag=1781042555"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-rhel9@sha256%3Ad10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9\u0026tag=1781025813"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-rhel9-operator@sha256%3A6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator\u0026tag=1781012601"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcp-tools-rhel9@sha256%3Ae6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9\u0026tag=1781030318"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/controller-rhel9@sha256%3A5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/controller-rhel9\u0026tag=1781097765"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"product_identification_helper": {
"purl": "pkg:oci/controller-rhel9-operator@sha256%3A5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator\u0026tag=1781020811"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-rhel9@sha256%3Adfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9\u0026tag=1781028735"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-rhel9-operator@sha256%3Aa18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator\u0026tag=1780676212"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-ui-rhel9@sha256%3Afe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9\u0026tag=1781030866"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gateway-rhel9@sha256%3Abd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/gateway-rhel9\u0026tag=1781044628"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gateway-rhel9-operator@sha256%3Aeca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator\u0026tag=1781031115"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gateway-proxy-rhel9@sha256%3Ad15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9\u0026tag=1781112272"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hub-rhel9@sha256%3Acdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/hub-rhel9\u0026tag=1781102816"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hub-rhel9-operator@sha256%3A3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator\u0026tag=1780676321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hub-web-rhel9@sha256%3Afb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9\u0026tag=1781105214"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"product_identification_helper": {
"purl": "pkg:oci/metrics-service-rhel9-operator@sha256%3A7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator\u0026tag=1781020387"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"product_identification_helper": {
"purl": "pkg:oci/metrics-service-rhel9@sha256%3Aee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9\u0026tag=1780937494"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/de-minimal-rhel9@sha256%3A55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9\u0026tag=1781036795"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"product_identification_helper": {
"purl": "pkg:oci/de-supported-rhel9@sha256%3A5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9\u0026tag=1781038454"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ee-minimal-rhel9@sha256%3Aabaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9\u0026tag=1781093888"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ee-supported-rhel9@sha256%3Afcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9\u0026tag=1781118924"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"product_identification_helper": {
"purl": "pkg:oci/platform-resource-rhel9-operator@sha256%3A3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator\u0026tag=1781102902"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/platform-resource-runner-rhel9@sha256%3A41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9\u0026tag=1781104458"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"product_identification_helper": {
"purl": "pkg:oci/receptor-rhel9@sha256%3A1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/receptor-rhel9\u0026tag=1780679838"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"product_identification_helper": {
"purl": "pkg:oci/mcp-server-rhel9@sha256%3A302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9\u0026tag=1780741250"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/aap-must-gather-rhel9@sha256%3A8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9\u0026tag=1780676763"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-builder-rhel9@sha256%3Af75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9\u0026tag=1781101539"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-devspaces-rhel9@sha256%3A2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9\u0026tag=1781112811"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-dev-tools-rhel9@sha256%3A7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9\u0026tag=1780676633"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-chatbot-rhel9@sha256%3Ac014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9\u0026tag=1781042555"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-rhel9@sha256%3Ad02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9\u0026tag=1781025813"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-rhel9-operator@sha256%3A121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator\u0026tag=1781012601"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/mcp-tools-rhel9@sha256%3Af07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9\u0026tag=1781030318"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/controller-rhel9@sha256%3Addb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/controller-rhel9\u0026tag=1781097765"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/controller-rhel9-operator@sha256%3Aafca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator\u0026tag=1781020811"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-rhel9@sha256%3Adaefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9\u0026tag=1781028735"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-rhel9-operator@sha256%3Ab58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator\u0026tag=1780676212"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-ui-rhel9@sha256%3Abd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9\u0026tag=1781030866"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gateway-rhel9@sha256%3Aa961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/gateway-rhel9\u0026tag=1781044628"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gateway-rhel9-operator@sha256%3Ade3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator\u0026tag=1781031115"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gateway-proxy-rhel9@sha256%3Ae78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9\u0026tag=1781112272"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"product_identification_helper": {
"purl": "pkg:oci/hub-rhel9@sha256%3A3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/hub-rhel9\u0026tag=1781102816"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"product_identification_helper": {
"purl": "pkg:oci/hub-rhel9-operator@sha256%3Ac738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator\u0026tag=1780676321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"product_identification_helper": {
"purl": "pkg:oci/hub-web-rhel9@sha256%3Aadca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9\u0026tag=1781105214"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"product_identification_helper": {
"purl": "pkg:oci/metrics-service-rhel9-operator@sha256%3Ad71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator\u0026tag=1781020387"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/metrics-service-rhel9@sha256%3Ace4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9\u0026tag=1780937494"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/de-minimal-rhel9@sha256%3A587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9\u0026tag=1781036795"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/de-supported-rhel9@sha256%3A830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9\u0026tag=1781038454"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ee-minimal-rhel9@sha256%3Ac4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9\u0026tag=1781093888"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ee-supported-rhel9@sha256%3A017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9\u0026tag=1781118924"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/platform-resource-rhel9-operator@sha256%3A7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator\u0026tag=1781102902"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"product_identification_helper": {
"purl": "pkg:oci/platform-resource-runner-rhel9@sha256%3Af30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9\u0026tag=1781104458"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"product_identification_helper": {
"purl": "pkg:oci/receptor-rhel9@sha256%3A5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-27/receptor-rhel9\u0026tag=1780679838"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64 as a component of Red Hat Ansible Automation Platform 2.7",
"product_id": "Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.7"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Laura Pardo"
],
"organization": "Red Hat Inc.",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2026-44188",
"cwe": {
"id": "CWE-613",
"name": "Insufficient Session Expiration"
},
"discovery_date": "2026-05-05T15:02:26.016000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466764"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth (Open Authorization) access token before a user logs out, they can continue to authenticate and access sensitive data. This is because the application fails to invalidate the token on the backend, leaving it valid until its natural expiration. This can lead to unauthorized read access to Ansible resources such as inventories, playbooks, and configuration data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible-lightspeed: Ansible Lightspeed: Session hijacking and unauthorized data access due to insufficient session expiration",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate vulnerability in Ansible Lightspeed allows for post-logout session hijacking. An attacker who obtains a valid OAuth token before a user logs out can maintain persistent unauthorized access to Ansible Automation Platform resources, including inventories and playbooks, because the backend token is not invalidated upon client-side logout. This risk is primarily for data confidentiality, as current token scopes are read-only.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44188"
},
{
"category": "external",
"summary": "RHBZ#2466764",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466764"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44188",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44188"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44188",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44188"
}
],
"release_date": "2026-06-15T08:08:37.961000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T08:51:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.7#Upgrade",
"product_ids": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25928"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible-lightspeed: Ansible Lightspeed: Session hijacking and unauthorized data access due to insufficient session expiration"
},
{
"cve": "CVE-2026-44431",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-05-13T17:01:41.663622+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "RHBZ#2477167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
}
],
"release_date": "2026-05-13T15:20:24.588000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T08:51:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.7#Upgrade",
"product_ids": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25928"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T08:51:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.7#Upgrade",
"product_ids": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25928"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
},
{
"cve": "CVE-2026-48526",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-05-28T16:01:22.805235+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2482734"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in PyJWT, a Python library for JSON Web Token (JWT) implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys (JWK) in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer\u0027s public key as the secret key for the HMAC algorithm, leading to the ability to forge JWTs. This vulnerability can result in authentication bypass or unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48526"
},
{
"category": "external",
"summary": "RHBZ#2482734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48526"
},
{
"category": "external",
"summary": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx",
"url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx"
}
],
"release_date": "2026-05-28T15:09:09.258000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T08:51:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.7#Upgrade",
"product_ids": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25928"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:51ed36bb2a95df762fa0239faf7bcc70b68dbd5f744bd2094f5e29ecc6700eb3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/aap-must-gather-rhel9@sha256:8426a97219763cb74366755416683d79e8b56c95da290b0fa2fff59a5db51db3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:0ddbc5f91472e5872912da6131e71df85e87b79ef8ea3d38bb4247f1456d4a00_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-builder-rhel9@sha256:f75e2056244899ae5e2ecab1404663bf554f7451cc521e0d7a75a2f40ecac7a1_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:7dcd3a60624fa4f6c9f591ef8ffc48ba0f5152b7108a6070fa8f680c20168c95_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-dev-tools-rhel9@sha256:a8135ef1879793f311f2661c380bd5fbbedc14a4d195aeaa5a4cb04ad4845f49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:2211c0e7cd573bf30873329c46e91f98ff01fcb7e0753823d4c0517217c31ac3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ansible-devspaces-rhel9@sha256:a6903f68684eb8f5bc688b75e390727b5ed48b864784657e49611966266c9f3f_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:5ffa88952441ddab19ada1bd2603e3614b75d10ef51e38098c2d22d8b358b518_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9-operator@sha256:afca3fb56256dcb7cb04a67fb52bff0160064c65f901a70fa3e97ed30ddaab7a_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:5e1a04dbcddc141f0026ccee871050cf974175b62c3d22b33e5ec3aec54128d3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/controller-rhel9@sha256:ddb59951ccb324d8bd6ae9c6a6093f211bcb08d8cac7c4fb10f191e421aa59d3_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:55ad63ce31700829d0df23692d02cb7796404b122f790f9329f4b742c5f6783e_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-minimal-rhel9@sha256:587ec88d08d4113f07778f81aae6de62c9e9d971b677b1375b547aa7dd1178c8_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:5aa7b2e33b9480f45faf8b4686bfb264838b5c1c62c537c5a2ec7b5a8617ac49_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/de-supported-rhel9@sha256:830fa58a60fbd7f768e236b2052edd1d37fc7cf383a0ccd65483b09fa5b07bd2_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:a18f77ccf6c524f5d0c11d34d6787b22548194b6897abd491de85b00fc1befd3_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9-operator@sha256:b58803576b7a2e119ffe83ceb252d8d402f1611c891c2c6ac7c4e0399acd848f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:daefffce756c8c7918377279ada50a9cc127ab0939ed308c786940d5dc42e0d9_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-rhel9@sha256:dfde61892d055e89b056f7fb8863f3a0961df2bb8890323b8301670fc8afc66b_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:bd7350b62eb0f2de274eafd7dc32e4cf3073bd597e282268ff17777b9fe5d102_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/eda-controller-ui-rhel9@sha256:fe72e508123fdd2795959017e5572689b039d5bdfc675dc45673c5586fceea17_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:abaebe0c1fbc2a013fad8ec411a449705c8a78759b82ddbe661afd99e90dada5_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-minimal-rhel9@sha256:c4f9e3356a2217008bd6f69325ae74d547703f1bcfe39bd74737f30c6914f711_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:017495624b22a5825231dd70443dc9ab359da0df5ea16a5a04e0f4dc915b6e0f_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/ee-supported-rhel9@sha256:fcb7685115cfbf0a10ef87d6bb7a43c251c207a4fd7a31c5908cad85b6ae0e1a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:d15bd832817f039fa3c09d6d74088254b6fae15a5efed7a88279a657b2f23f16_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-proxy-rhel9@sha256:e78dd744714feae5ae944c759759bff17c061c7ed2d3bd1454ba763131ed6ee0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:de3d43a8d9a2cf0d533337e825b078205cc37b01c935a4f68ac152a8a7a7533c_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9-operator@sha256:eca1f9bd16210653a372e34a4f40ca4d6330618a2acba64f6f7c2e8e95026da1_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:a961d06200887f646ed797932c3159634581fe144e5f29f1fef47ddc859eed31_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/gateway-rhel9@sha256:bd28a84fe3b750313749ec80d44cac88c7b06408b0caceea08d303f51c1f559a_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:3312c6acd7a577bd8b3ccda5a65f8505ff76e2acc7a46e7f290a49dfb53cfac4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9-operator@sha256:c738cf5ef020b44a404402ddd660afc3d418a758751f848068bda4bc5bce0e35_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:3a04de6f43c1352f5df5c5a9e19fd8aad23d2921d23dcef8a9f5e121a87fe800_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-rhel9@sha256:cdd7f08ba3846269e6932375c1a7bdb4ed3bfe062ba7bcd5a872def4293150a6_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:adca5f837877df04696709a4826ccae31e2fdc50aa8bc32fabb4ef40cd51f0ef_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/hub-web-rhel9@sha256:fb8342f0f6b8322194bc357c7d9c9d89ef6ca052b88c5618bbf768f555a54b13_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:2fab408777ea512f3cf8ac57d5989fa0017f6352dcead3a320d348a3e2ac1004_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9@sha256:c014148a6140721bb7733d5f30c7adbe3e2cc6f8a7cd6c3a939ab96f8c9420ee_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:121e0bfb87b57655db4a735762a26e23f1b3de7b105cbf09bb300043601c1b43_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9-operator@sha256:6a06579accd268ca5203edab2e46b89166ae6024507cc5b4bed2e126cdef7986_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d02ae0212655f8ef70afc7a0656a2fbc95468228b003f6940d01cf4abeb5325b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/lightspeed-rhel9@sha256:d10f226739a001a0efc0178f19a73fad722dc85484017d13f388f749a374ffea_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:302cf11b0faed78e07e863d4b1e7e31db47590b571239385475d8a4c3cda47dc_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-server-rhel9@sha256:7dbf390d29d295f346662b605448a9748e24b8f541a84f55b6b7c81b87c46025_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:e6c019048612b124e9a2100220d46f242f0fd2302bbe42e674bf84c21a56b733_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/mcp-tools-rhel9@sha256:f07206e7881bd11636bebb95f7ec9a70cc817f07d7b34f792265a5ec91d4432b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:7007f666eadfd7294801e6412e624dbc4bd2288f13ea8820ee55e7552f471831_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9-operator@sha256:d71829d8bd9bfdba7d248e2e2cd5795139382947889b71bb96b27f7d443e1591_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ce4ef5c8af91d2056a034f9559a5d92742b18aea7aeaf03d2bacfa92d67c5b9b_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/metrics-service-rhel9@sha256:ee347c1a7b52e512d6bdd65afda44f0e372abbaf4c1f81750f23fc473becf777_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:3641db944490dd326c814487e1c10d5d9d079ba74f8321930ab277fe44b51705_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-rhel9-operator@sha256:7e6ea2d4253efb0aaabce270c56bf8ef84148592862608f501b639566b9996f0_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:41c9292a512f44347fc348afd6846e7e8832abde31452ee12ec8eca235acdce4_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/platform-resource-runner-rhel9@sha256:f30a9515d678d60e9ac035b876ecdaaa8a4852c87fe55e16bcabf598ad447b14_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:1ad72d1f577d63894eec4278c1b92b6e295cb3c0543b4dd2e93750c2cc83d535_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform-27/receptor-rhel9@sha256:5c5bc6761dbd47effea36014affa352bddd5a18696377967f1f50b75df2741fe_arm64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:32560cdb08b7da9d671f9b035e595971c5bdf865c56eb6825b9a4910add1b9cf_amd64",
"Red Hat Ansible Automation Platform 2.7:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8ef224281fd23b4203da09336df25550db17b01f025e99b8e9821d4bc3ddedfc_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens"
}
]
}
RHSA-2026:26212
Vulnerability from csaf_redhat - Published: 2026-06-16 08:47 - Updated: 2026-06-23 21:53Summary
Red Hat Security Advisory: General availability of the satellite/iop-puptoo-rhel9 container image
Severity
Important
Notes
Topic: A new satellite/iop-puptoo-rhel9 container image is now generally available in the Red Hat container registry.
Details: Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services, and configuration settings. When you install Red Hat Lightspeed in Satellite locally, you can generate Red Hat Lightspeed recommendations without sending system data to Red Hat services.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.
5.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-puptoo-rhel9@sha256:f4ca1112b4909ceae1121123958c07eae9e869a9ac8a84ffcad8dc937b984c67_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-puptoo-rhel9@sha256:f4ca1112b4909ceae1121123958c07eae9e869a9ac8a84ffcad8dc937b984c67_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
19 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new satellite/iop-puptoo-rhel9 container image is now generally available in the Red Hat container registry.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services, and configuration settings. When you install Red Hat Lightspeed in Satellite locally, you can generate Red Hat Lightspeed recommendations without sending system data to Red Hat services. ",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:26212",
"url": "https://access.redhat.com/errata/RHSA-2026:26212"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44431",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/software/containers/search",
"url": "https://catalog.redhat.com/software/containers/search"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_connected_network_environment/performing-additional-configuration-on-server_satellite#installing-and-configuring-red-hat-lightspeed-in-satellite",
"url": "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_connected_network_environment/performing-additional-configuration-on-server_satellite#installing-and-configuring-red-hat-lightspeed-in-satellite"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_disconnected_network_environment/performing-additional-configuration#installing-and-configuring-red-hat-lightspeed-in-satellite",
"url": "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_disconnected_network_environment/performing-additional-configuration#installing-and-configuring-red-hat-lightspeed-in-satellite"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_26212.json"
}
],
"title": "Red Hat Security Advisory: General availability of the satellite/iop-puptoo-rhel9 container image",
"tracking": {
"current_release_date": "2026-06-23T21:53:25+00:00",
"generator": {
"date": "2026-06-23T21:53:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:26212",
"initial_release_date": "2026-06-16T08:47:12+00:00",
"revision_history": [
{
"date": "2026-06-16T08:47:12+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-16T08:47:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-23T21:53:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 6.18",
"product": {
"name": "Red Hat Satellite 6.18",
"product_id": "Red Hat Satellite 6.18",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.18::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/satellite/iop-puptoo-rhel9@sha256:f4ca1112b4909ceae1121123958c07eae9e869a9ac8a84ffcad8dc937b984c67_amd64",
"product": {
"name": "registry.redhat.io/satellite/iop-puptoo-rhel9@sha256:f4ca1112b4909ceae1121123958c07eae9e869a9ac8a84ffcad8dc937b984c67_amd64",
"product_id": "registry.redhat.io/satellite/iop-puptoo-rhel9@sha256:f4ca1112b4909ceae1121123958c07eae9e869a9ac8a84ffcad8dc937b984c67_amd64",
"product_identification_helper": {
"purl": "pkg:oci/iop-puptoo-rhel9@sha256%3Af4ca1112b4909ceae1121123958c07eae9e869a9ac8a84ffcad8dc937b984c67?arch=amd64\u0026repository_url=registry.redhat.io/satellite/iop-puptoo-rhel9\u0026tag=1779792651"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/satellite/iop-puptoo-rhel9@sha256:f4ca1112b4909ceae1121123958c07eae9e869a9ac8a84ffcad8dc937b984c67_amd64 as a component of Red Hat Satellite 6.18",
"product_id": "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-puptoo-rhel9@sha256:f4ca1112b4909ceae1121123958c07eae9e869a9ac8a84ffcad8dc937b984c67_amd64"
},
"product_reference": "registry.redhat.io/satellite/iop-puptoo-rhel9@sha256:f4ca1112b4909ceae1121123958c07eae9e869a9ac8a84ffcad8dc937b984c67_amd64",
"relates_to_product_reference": "Red Hat Satellite 6.18"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44431",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-05-13T17:01:41.663622+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-puptoo-rhel9@sha256:f4ca1112b4909ceae1121123958c07eae9e869a9ac8a84ffcad8dc937b984c67_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "RHBZ#2477167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
}
],
"release_date": "2026-05-13T15:20:24.588000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T08:47:12+00:00",
"details": "For Red Hat Lightspeed in Satellite installation see the Red Hat Satellite documentation.",
"product_ids": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-puptoo-rhel9@sha256:f4ca1112b4909ceae1121123958c07eae9e869a9ac8a84ffcad8dc937b984c67_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26212"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-puptoo-rhel9@sha256:f4ca1112b4909ceae1121123958c07eae9e869a9ac8a84ffcad8dc937b984c67_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-puptoo-rhel9@sha256:f4ca1112b4909ceae1121123958c07eae9e869a9ac8a84ffcad8dc937b984c67_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T08:47:12+00:00",
"details": "For Red Hat Lightspeed in Satellite installation see the Red Hat Satellite documentation.",
"product_ids": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-puptoo-rhel9@sha256:f4ca1112b4909ceae1121123958c07eae9e869a9ac8a84ffcad8dc937b984c67_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26212"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-puptoo-rhel9@sha256:f4ca1112b4909ceae1121123958c07eae9e869a9ac8a84ffcad8dc937b984c67_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…