Threats Tagged 'cve-2026-48526'

Red Hat has issued a security advisory for Red Hat Ansible Automation Platform 2.7 container release update addressing multiple vulnerabilities. The platform provides an enterprise framework for IT automation at scale. The advisory references four CVEs (CVE-2026-44188, CVE-2026-44431, CVE-2026-44432, CVE-2026-48526) with associated CWEs including resource management errors and information exposure. The update is classified as important and high severity. Users are advised to apply the update after ensuring all previous errata are applied. No specific affected versions are detailed in the advisory.

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): * python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens (CVE-2026-48526) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

PyJWT versions prior to 2.13.0 contain an improper authentication vulnerability where the library fails to validate the use of JSON Web Keys (JWK) in HMAC algorithms. This allows an attacker to misuse the issuer's public key as the secret key for HMAC verification. The vulnerability is identified as CWE-287 and CWE-347 and has a CVSS score of 7.4, indicating high severity. The issue is fixed in version 2.13.0 of PyJWT.