{"id":"RHSA-2026:34160","summary":"Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update","modified":"2026-07-10T10:09:39Z","published":"2026-07-02T10:17:34Z","upstream":["CVE-2026-6322","CVE-2026-33154","CVE-2026-41240","CVE-2026-42035","CVE-2026-44293","CVE-2026-44431","CVE-2026-44432","CVE-2026-44488","CVE-2026-44495","CVE-2026-48526"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:34160"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/#important"},{"type":"ARTICLE","url":"https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/whats_new-async_updates"},{"type":"ARTICLE","url":"https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6#Upgrade"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2449774"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461147"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461606"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2466684"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477104"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477154"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477167"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482734"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487937"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487949"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_34160.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-6322"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-6322"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-6322"},{"type":"ARTICLE","url":"https://cna.openjsf.org/security-advisories.html"},{"type":"ARTICLE","url":"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-33154"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-33154"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33154"},{"type":"ARTICLE","url":"https://github.com/dynaconf/dynaconf/commit/2fbb45ee36b8c0caa5b924fe19f3c1a5e8603fa7"},{"type":"ARTICLE","url":"https://github.com/dynaconf/dynaconf/releases/tag/3.2.13"},{"type":"ARTICLE","url":"https://github.com/dynaconf/dynaconf/security/advisories/GHSA-pxrr-hq57-q35p"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-41240"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-41240"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41240"},{"type":"ARTICLE","url":"https://github.com/cure53/DOMPurify/commit/c361baa18dbdcb3344a41110f4c48ad85bf48f80"},{"type":"ARTICLE","url":"https://github.com/cure53/DOMPurify/releases/tag/3.4.0"},{"type":"ARTICLE","url":"https://github.com/cure53/DOMPurify/security/advisories/GHSA-h7mw-gpvr-xq4m"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-42035"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-42035"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42035"},{"type":"ARTICLE","url":"https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-44293"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-44293"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44293"},{"type":"ARTICLE","url":"https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-66ff-xgx4-vchm"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-44431"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-44431"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44431"},{"type":"ARTICLE","url":"https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-44432"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-44432"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44432"},{"type":"ARTICLE","url":"https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-44488"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-44488"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44488"},{"type":"ARTICLE","url":"https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-44495"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-44495"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44495"},{"type":"ARTICLE","url":"https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-48526"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-48526"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-48526"},{"type":"ARTICLE","url":"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx"}],"affected":[{"package":{"name":"automation-platform-ui","ecosystem":"Red Hat:ansible_automation_platform:2.6::el9","purl":"pkg:rpm/redhat/automation-platform-ui"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.6.10-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:34160.json"}},{"package":{"name":"automation-controller","ecosystem":"Red Hat:ansible_automation_platform_developer:2.6::el9","purl":"pkg:rpm/redhat/automation-controller"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.7.13-2.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:34160.json"}},{"package":{"name":"automation-controller-cli","ecosystem":"Red Hat:ansible_automation_platform_developer:2.6::el9","purl":"pkg:rpm/redhat/automation-controller-cli"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.7.13-2.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:34160.json"}},{"package":{"name":"automation-controller","ecosystem":"Red Hat:ansible_automation_platform:2.6::el9","purl":"pkg:rpm/redhat/automation-controller"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.7.13-2.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:34160.json"}},{"package":{"name":"automation-controller-cli","ecosystem":"Red Hat:ansible_automation_platform:2.6::el9","purl":"pkg:rpm/redhat/automation-controller-cli"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.7.13-2.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:34160.json"}},{"package":{"name":"automation-controller-server","ecosystem":"Red Hat:ansible_automation_platform:2.6::el9","purl":"pkg:rpm/redhat/automation-controller-server"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.7.13-2.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:34160.json"}},{"package":{"name":"automation-controller-ui","ecosystem":"Red Hat:ansible_automation_platform:2.6::el9","purl":"pkg:rpm/redhat/automation-controller-ui"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.7.13-2.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:34160.json"}},{"package":{"name":"automation-controller-venv-tower","ecosystem":"Red Hat:ansible_automation_platform:2.6::el9","purl":"pkg:rpm/redhat/automation-controller-venv-tower"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.7.13-2.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:34160.json"}},{"package":{"name":"python3.12-urllib3","ecosystem":"Red Hat:ansible_automation_platform_developer:2.6::el9","purl":"pkg:rpm/redhat/python3.12-urllib3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.7.0-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:34160.json"}},{"package":{"name":"python3.12-urllib3","ecosystem":"Red Hat:ansible_automation_platform:2.6::el9","purl":"pkg:rpm/redhat/python3.12-urllib3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.7.0-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:34160.json"}},{"package":{"name":"python3.12-pyjwt+crypto","ecosystem":"Red Hat:ansible_automation_platform:2.6::el9","purl":"pkg:rpm/redhat/python3.12-pyjwt%2Bcrypto"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.13.0-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:34160.json"}},{"package":{"name":"python3.12-pyjwt","ecosystem":"Red Hat:ansible_automation_platform:2.6::el9","purl":"pkg:rpm/redhat/python3.12-pyjwt"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.13.0-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:34160.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}]}