Threats Tagged 'cve-2026-27606'

Red Hat Ansible Automation Platform 2. 6 has multiple security vulnerabilities affecting components such as automation-controller, automation-gateway, automation-platform-ui, and various Python libraries. These issues include account hijacking via unverified email linking, denial of service through malformed inputs, buffer overflows, remote code execution via path traversal, and incorrect parsing of IPv6 literals. The vulnerabilities collectively pose risks of unauthorized access, denial of service, and remote code execution. Red Hat has issued an important security advisory with patches addressing these issues for supported versions of the platform.

Red Hat Ansible Automation Platform 2. 5 for RHEL 8 and 9 contains multiple security vulnerabilities including account hijacking via unverified email linking, denial of service through malformed HTML-like sequences and XML entity expansion, remote code execution via path traversal, memory exhaustion, and parsing errors. These issues affect various components such as automation-controller, automation-gateway, python libraries, and receptor. Red Hat has released an important security advisory (RHSA-2026:13512) addressing these vulnerabilities with updated packages. Users of affected versions should apply the provided updates to remediate these issues.

Red Hat has issued a security advisory for Red Hat Ansible Automation Platform 2. 6 container release update addressing multiple vulnerabilities. The update includes fixes for a total of 24 CVEs affecting the platform, which provides an enterprise framework for IT automation. The advisory emphasizes applying all previously released errata before this update. No known exploits are reported in the wild. The vulnerabilities cover a broad range of weaknesses as indicated by multiple CWE identifiers. The update is classified with high severity.

The Red Hat Trusted Artifact Signer (RHTAS) Operator version 1. 3. 4 is associated with multiple vulnerabilities, including CVE-2025-68121 and seven others. It is designed for use with OpenShift Container Platform versions 4. 16 through 4. 21 to facilitate cryptographic signing and verification of software artifacts. The advisory does not specify any fixes or patches for these vulnerabilities. No known exploits are reported in the wild. The vulnerabilities have been classified with a high severity level by the source, but no CVSS score is provided.

Red Hat OpenShift Dev Spaces 3. 27. 1 is a cloud developer workspace server and browser-based IDE designed for container-based development on OpenShift. The 3. 27 release introduces support for devfile v2. 1 and v2. 2 standards, urging users to migrate from the deprecated v1 standard. This advisory references multiple CVEs, including CVE-2025-61728, indicating a collection of vulnerabilities affecting this product version. No specific fixes or patches are detailed in the advisory, and users are encouraged to update to supported OpenShift releases (v4. 16 and higher) to continue receiving updates.

Red Hat Developer Hub (RHDH) 1. 9. 3 addresses multiple security vulnerabilities affecting its enterprise-grade developer portal based on Backstage. io. The vulnerabilities include a range of issues identified by 15 CVEs, covering weaknesses such as improper input validation, code injection, and path traversal. The advisory indicates a high severity level and provides updated images and fixes for identified bugs. No known exploits are reported in the wild. The vendor advisory does not explicitly confirm patch availability but announces the 1. 9. 3 release as a security update addressing these issues.