{"id":"RHSA-2026:24761","summary":"Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update","modified":"2026-06-11T10:17:41.636152126Z","published":"2026-06-10T10:07:59Z","related":["GO-2026-4864","GO-2026-4870","GO-2026-4947"],"upstream":["CVE-2025-62718","CVE-2026-4926","CVE-2026-7246","CVE-2026-26996","CVE-2026-27904","CVE-2026-30922","CVE-2026-32280","CVE-2026-32282","CVE-2026-32283","CVE-2026-33891","CVE-2026-33894","CVE-2026-33895","CVE-2026-33896","CVE-2026-39363","CVE-2026-39892","CVE-2026-40192"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:24761"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/#important"},{"type":"ARTICLE","url":"https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/release_notes/patch_releases"},{"type":"ARTICLE","url":"https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5#Upgrading"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441268"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442922"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448553"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451867"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452450"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452457"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452458"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452464"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456179"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456336"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456338"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456339"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456735"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456913"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458856"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464121"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_24761.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-62718"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2025-62718"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62718"},{"type":"ARTICLE","url":"https://datatracker.ietf.org/doc/html/rfc1034#section-3.1"},{"type":"ARTICLE","url":"https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2"},{"type":"ARTICLE","url":"https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df"},{"type":"ARTICLE","url":"https://github.com/axios/axios/pull/10661"},{"type":"ARTICLE","url":"https://github.com/axios/axios/releases/tag/v1.15.0"},{"type":"ARTICLE","url":"https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4926"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-4926"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4926"},{"type":"ARTICLE","url":"https://cna.openjsf.org/security-advisories.html"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-7246"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-7246"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-7246"},{"type":"ARTICLE","url":"https://github.com/pallets/click/releases/tag/8.3.3"},{"type":"ARTICLE","url":"https://github.com/tsigouris007/security-advisories/security/advisories/GHSA-47fr-3ffg-hgmw"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-26996"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-26996"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26996"},{"type":"ARTICLE","url":"https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"},{"type":"ARTICLE","url":"https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-27904"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-27904"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27904"},{"type":"ARTICLE","url":"https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-30922"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-30922"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30922"},{"type":"ARTICLE","url":"https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0"},{"type":"ARTICLE","url":"https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-32280"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-32280"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32280"},{"type":"ARTICLE","url":"https://go.dev/cl/758320"},{"type":"ARTICLE","url":"https://go.dev/issue/78282"},{"type":"ARTICLE","url":"https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"},{"type":"ADVISORY","url":"https://pkg.go.dev/vuln/GO-2026-4947"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-32282"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-32282"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32282"},{"type":"ARTICLE","url":"https://go.dev/cl/763761"},{"type":"ARTICLE","url":"https://go.dev/issue/78293"},{"type":"ADVISORY","url":"https://pkg.go.dev/vuln/GO-2026-4864"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-32283"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-32283"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32283"},{"type":"ARTICLE","url":"https://go.dev/cl/763767"},{"type":"ARTICLE","url":"https://go.dev/issue/78334"},{"type":"ADVISORY","url":"https://pkg.go.dev/vuln/GO-2026-4870"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-33891"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-33891"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33891"},{"type":"ARTICLE","url":"https://github.com/digitalbazaar/forge/commit/9bb8d67b99d17e4ebb5fd7596cd699e11f25d023"},{"type":"ARTICLE","url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-33894"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-33894"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33894"},{"type":"ARTICLE","url":"https://datatracker.ietf.org/doc/html/rfc2313#section-8"},{"type":"ARTICLE","url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp"},{"type":"ARTICLE","url":"https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE"},{"type":"ARTICLE","url":"https://www.rfc-editor.org/rfc/rfc8017.html"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-33895"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-33895"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33895"},{"type":"ARTICLE","url":"https://datatracker.ietf.org/doc/html/rfc8032#section-8.4"},{"type":"ARTICLE","url":"https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85"},{"type":"ARTICLE","url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-33896"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-33896"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33896"},{"type":"ARTICLE","url":"https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90"},{"type":"ARTICLE","url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-39363"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-39363"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-39363"},{"type":"ARTICLE","url":"https://github.com/vitejs/vite/security/advisories/GHSA-p9ff-h696-f583"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-39892"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-39892"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-39892"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2026/04/08/12"},{"type":"ARTICLE","url":"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5"},{"type":"ARTICLE","url":"https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-40192"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-40192"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40192"},{"type":"ARTICLE","url":"https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628"},{"type":"ARTICLE","url":"https://github.com/python-pillow/Pillow/pull/9521"},{"type":"ARTICLE","url":"https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j"},{"type":"ARTICLE","url":"https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb"}],"affected":[{"package":{"name":"automation-gateway-server","ecosystem":"Red Hat:ansible_automation_platform:2.5::el8","purl":"pkg:rpm/redhat/automation-gateway-server"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.5.20260422-3.el8ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:24761.json"}},{"package":{"name":"automation-gateway-server","ecosystem":"Red Hat:ansible_automation_platform:2.5::el9","purl":"pkg:rpm/redhat/automation-gateway-server"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.5.20260422-3.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:24761.json"}},{"package":{"name":"python3.12-click","ecosystem":"Red Hat:ansible_automation_platform_developer:2.5::el8","purl":"pkg:rpm/redhat/python3.12-click"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.3.3-1.el8ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:24761.json"}},{"package":{"name":"python3.12-click","ecosystem":"Red Hat:ansible_automation_platform_inside:2.5::el8","purl":"pkg:rpm/redhat/python3.12-click"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.3.3-1.el8ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:24761.json"}},{"package":{"name":"python3.12-click","ecosystem":"Red Hat:ansible_automation_platform:2.5::el8","purl":"pkg:rpm/redhat/python3.12-click"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.3.3-1.el8ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:24761.json"}},{"package":{"name":"python3.12-click","ecosystem":"Red Hat:ansible_automation_platform_developer:2.5::el9","purl":"pkg:rpm/redhat/python3.12-click"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.3.3-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:24761.json"}},{"package":{"name":"python3.12-click","ecosystem":"Red Hat:ansible_automation_platform_inside:2.5::el9","purl":"pkg:rpm/redhat/python3.12-click"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.3.3-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:24761.json"}},{"package":{"name":"python3.12-click","ecosystem":"Red Hat:ansible_automation_platform:2.5::el9","purl":"pkg:rpm/redhat/python3.12-click"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.3.3-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:24761.json"}},{"package":{"name":"automation-controller-venv-tower","ecosystem":"Red Hat:ansible_automation_platform_developer:2.5::el8","purl":"pkg:rpm/redhat/automation-controller-venv-tower"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.6.29-2.el8ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:24761.json"}},{"package":{"name":"automation-controller-venv-tower","ecosystem":"Red Hat:ansible_automation_platform:2.5::el8","purl":"pkg:rpm/redhat/automation-controller-venv-tower"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.6.29-2.el8ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:24761.json"}},{"package":{"name":"automation-controller-venv-tower","ecosystem":"Red Hat:ansible_automation_platform_developer:2.5::el9","purl":"pkg:rpm/redhat/automation-controller-venv-tower"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.6.29-2.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:24761.json"}},{"package":{"name":"automation-controller-venv-tower","ecosystem":"Red Hat:ansible_automation_platform:2.5::el9","purl":"pkg:rpm/redhat/automation-controller-venv-tower"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.6.29-2.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:24761.json"}},{"package":{"name":"receptor","ecosystem":"Red Hat:ansible_automation_platform_developer:2.5::el8","purl":"pkg:rpm/redhat/receptor"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.6.5-1.el8ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:24761.json"}},{"package":{"name":"receptor","ecosystem":"Red Hat:ansible_automation_platform_inside:2.5::el8","purl":"pkg:rpm/redhat/receptor"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.6.5-1.el8ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:24761.json"}},{"package":{"name":"automation-gateway-proxy-server","ecosystem":"Red Hat:ansible_automation_platform:2.5::el8","purl":"pkg:rpm/redhat/automation-gateway-proxy-server"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.5.10-6.el8ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:24761.json"}},{"package":{"name":"receptor","ecosystem":"Red Hat:ansible_automation_platform:2.5::el8","purl":"pkg:rpm/redhat/receptor"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.6.5-1.el8ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:24761.json"}},{"package":{"name":"receptor","ecosystem":"Red Hat:ansible_automation_platform_developer:2.5::el9","purl":"pkg:rpm/redhat/receptor"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.6.5-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:24761.json"}},{"package":{"name":"receptor","ecosystem":"Red Hat:ansible_automation_platform_inside:2.5::el9","purl":"pkg:rpm/redhat/receptor"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.6.5-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:24761.json"}},{"package":{"name":"automation-gateway-proxy-server","ecosystem":"Red Hat:ansible_automation_platform:2.5::el9","purl":"pkg:rpm/redhat/automation-gateway-proxy-server"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.6.14-3.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:24761.json"}},{"package":{"name":"receptor","ecosystem":"Red Hat:ansible_automation_platform:2.5::el9","purl":"pkg:rpm/redhat/receptor"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.6.5-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:24761.json"}},{"package":{"name":"python3.12-cryptography","ecosystem":"Red Hat:ansible_automation_platform_developer:2.5::el8","purl":"pkg:rpm/redhat/python3.12-cryptography"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:46.0.7-1.el8ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:24761.json"}},{"package":{"name":"python3.12-cryptography","ecosystem":"Red Hat:ansible_automation_platform_inside:2.5::el8","purl":"pkg:rpm/redhat/python3.12-cryptography"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:46.0.7-1.el8ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:24761.json"}},{"package":{"name":"python3.12-cryptography","ecosystem":"Red Hat:ansible_automation_platform:2.5::el8","purl":"pkg:rpm/redhat/python3.12-cryptography"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:46.0.7-1.el8ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:24761.json"}},{"package":{"name":"python3.12-cryptography","ecosystem":"Red Hat:ansible_automation_platform_developer:2.5::el9","purl":"pkg:rpm/redhat/python3.12-cryptography"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:46.0.7-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:24761.json"}},{"package":{"name":"python3.12-cryptography","ecosystem":"Red Hat:ansible_automation_platform_inside:2.5::el9","purl":"pkg:rpm/redhat/python3.12-cryptography"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:46.0.7-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:24761.json"}},{"package":{"name":"python3.12-cryptography","ecosystem":"Red Hat:ansible_automation_platform:2.5::el9","purl":"pkg:rpm/redhat/python3.12-cryptography"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:46.0.7-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:24761.json"}},{"package":{"name":"python3.12-pillow","ecosystem":"Red Hat:ansible_automation_platform:2.5::el8","purl":"pkg:rpm/redhat/python3.12-pillow"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:12.2.0-1.el8ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:24761.json"}},{"package":{"name":"python3.12-pillow","ecosystem":"Red Hat:ansible_automation_platform:2.5::el9","purl":"pkg:rpm/redhat/python3.12-pillow"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:12.2.0-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:24761.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}]}