{"id":"RHSA-2026:3958","summary":"Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update","modified":"2026-04-28T10:10:08Z","published":"2026-03-07T10:11:38Z","related":["GO-2026-4341"],"upstream":["CVE-2025-13465","CVE-2025-14550","CVE-2025-59057","CVE-2025-61726","CVE-2025-69223","CVE-2026-0994","CVE-2026-1207","CVE-2026-1285","CVE-2026-1287","CVE-2026-1312","CVE-2026-21884","CVE-2026-22029","CVE-2026-23490","CVE-2026-24049"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:3958"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/#important"},{"type":"ARTICLE","url":"https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/release_notes/patch_releases"},{"type":"ARTICLE","url":"https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6#Upgrade"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427456"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428412"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428421"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428426"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430472"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431740"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431959"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2432398"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2434432"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436338"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436339"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436340"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436341"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436342"},{"type":"ARTICLE","url":"https://issues.redhat.com/browse/AAP-62864"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3958.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-13465"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2025-13465"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-13465"},{"type":"ARTICLE","url":"https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-14550"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2025-14550"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14550"},{"type":"ARTICLE","url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"type":"ARTICLE","url":"https://groups.google.com/g/django-announce"},{"type":"ARTICLE","url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases/"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-59057"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2025-59057"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59057"},{"type":"ARTICLE","url":"https://github.com/remix-run/react-router/security/advisories/GHSA-3cgp-3xvw-98x8"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-61726"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2025-61726"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61726"},{"type":"ARTICLE","url":"https://go.dev/cl/736712"},{"type":"ARTICLE","url":"https://go.dev/issue/77101"},{"type":"ARTICLE","url":"https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"},{"type":"ADVISORY","url":"https://pkg.go.dev/vuln/GO-2026-4341"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-69223"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2025-69223"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69223"},{"type":"ARTICLE","url":"https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a"},{"type":"ARTICLE","url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6mq8-rvhq-8wgg"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-0994"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-0994"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0994"},{"type":"ARTICLE","url":"https://github.com/protocolbuffers/protobuf/pull/25239"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-1207"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-1207"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1207"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-1285"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-1285"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1285"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-1287"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-1287"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1287"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-1312"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-1312"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1312"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-21884"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-21884"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-21884"},{"type":"ARTICLE","url":"https://github.com/remix-run/react-router/security/advisories/GHSA-8v8x-cx79-35w7"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-22029"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-22029"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22029"},{"type":"ARTICLE","url":"https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-23490"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-23490"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23490"},{"type":"ARTICLE","url":"https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970"},{"type":"ARTICLE","url":"https://github.com/pyasn1/pyasn1/releases/tag/v0.6.2"},{"type":"ARTICLE","url":"https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-24049"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-24049"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24049"},{"type":"ARTICLE","url":"https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef"},{"type":"ARTICLE","url":"https://github.com/pypa/wheel/releases/tag/0.46.2"},{"type":"ARTICLE","url":"https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx"}],"affected":[{"package":{"name":"automation-platform-ui","ecosystem":"Red Hat:ansible_automation_platform:2.6::el9","purl":"pkg:rpm/redhat/automation-platform-ui"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.6.6-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"python3.12-django","ecosystem":"Red Hat:ansible_automation_platform_developer:2.6::el9","purl":"pkg:rpm/redhat/python3.12-django"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.2.28-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"python3.12-django","ecosystem":"Red Hat:ansible_automation_platform:2.6::el9","purl":"pkg:rpm/redhat/python3.12-django"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.2.28-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"receptor","ecosystem":"Red Hat:ansible_automation_platform:2.6::el10","purl":"pkg:rpm/redhat/receptor"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.6.3-4.el10ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"receptor-debuginfo","ecosystem":"Red Hat:ansible_automation_platform:2.6::el10","purl":"pkg:rpm/redhat/receptor-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.6.3-4.el10ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"receptor-debugsource","ecosystem":"Red Hat:ansible_automation_platform:2.6::el10","purl":"pkg:rpm/redhat/receptor-debugsource"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.6.3-4.el10ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"receptorctl","ecosystem":"Red Hat:ansible_automation_platform:2.6::el10","purl":"pkg:rpm/redhat/receptorctl"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.6.3-4.el10ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"receptor","ecosystem":"Red Hat:ansible_automation_platform_developer:2.6::el9","purl":"pkg:rpm/redhat/receptor"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.6.3-4.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"receptor-debuginfo","ecosystem":"Red Hat:ansible_automation_platform_developer:2.6::el9","purl":"pkg:rpm/redhat/receptor-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.6.3-4.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"receptor-debugsource","ecosystem":"Red Hat:ansible_automation_platform_developer:2.6::el9","purl":"pkg:rpm/redhat/receptor-debugsource"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.6.3-4.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"receptorctl","ecosystem":"Red Hat:ansible_automation_platform_developer:2.6::el9","purl":"pkg:rpm/redhat/receptorctl"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.6.3-4.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"receptor","ecosystem":"Red Hat:ansible_automation_platform_inside:2.6::el9","purl":"pkg:rpm/redhat/receptor"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.6.3-4.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"receptor-debuginfo","ecosystem":"Red Hat:ansible_automation_platform_inside:2.6::el9","purl":"pkg:rpm/redhat/receptor-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.6.3-4.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"receptor-debugsource","ecosystem":"Red Hat:ansible_automation_platform_inside:2.6::el9","purl":"pkg:rpm/redhat/receptor-debugsource"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.6.3-4.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"receptorctl","ecosystem":"Red Hat:ansible_automation_platform_inside:2.6::el9","purl":"pkg:rpm/redhat/receptorctl"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.6.3-4.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"receptor","ecosystem":"Red Hat:ansible_automation_platform:2.6::el9","purl":"pkg:rpm/redhat/receptor"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.6.3-4.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"receptor-debuginfo","ecosystem":"Red Hat:ansible_automation_platform:2.6::el9","purl":"pkg:rpm/redhat/receptor-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.6.3-4.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"receptor-debugsource","ecosystem":"Red Hat:ansible_automation_platform:2.6::el9","purl":"pkg:rpm/redhat/receptor-debugsource"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.6.3-4.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"receptorctl","ecosystem":"Red Hat:ansible_automation_platform:2.6::el9","purl":"pkg:rpm/redhat/receptorctl"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.6.3-4.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"python3.12-aiohttp","ecosystem":"Red Hat:ansible_automation_platform:2.6::el9","purl":"pkg:rpm/redhat/python3.12-aiohttp"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.13.3-2.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"python3.12-aiohttp-debuginfo","ecosystem":"Red Hat:ansible_automation_platform:2.6::el9","purl":"pkg:rpm/redhat/python3.12-aiohttp-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.13.3-2.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"python3.12-aiohttp-debugsource","ecosystem":"Red Hat:ansible_automation_platform:2.6::el9","purl":"pkg:rpm/redhat/python3.12-aiohttp-debugsource"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.13.3-2.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"python3.12-protobuf","ecosystem":"Red Hat:ansible_automation_platform:2.6::el9","purl":"pkg:rpm/redhat/python3.12-protobuf"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.29.6-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"python3.12-protobuf-debuginfo","ecosystem":"Red Hat:ansible_automation_platform:2.6::el9","purl":"pkg:rpm/redhat/python3.12-protobuf-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.29.6-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"python3.12-protobuf-debugsource","ecosystem":"Red Hat:ansible_automation_platform:2.6::el9","purl":"pkg:rpm/redhat/python3.12-protobuf-debugsource"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.29.6-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"automation-controller","ecosystem":"Red Hat:ansible_automation_platform_developer:2.6::el9","purl":"pkg:rpm/redhat/automation-controller"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.7.9-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"automation-controller-cli","ecosystem":"Red Hat:ansible_automation_platform_developer:2.6::el9","purl":"pkg:rpm/redhat/automation-controller-cli"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.7.9-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"automation-controller-server","ecosystem":"Red Hat:ansible_automation_platform_developer:2.6::el9","purl":"pkg:rpm/redhat/automation-controller-server"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.7.9-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"automation-controller-ui","ecosystem":"Red Hat:ansible_automation_platform_developer:2.6::el9","purl":"pkg:rpm/redhat/automation-controller-ui"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.7.9-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"automation-controller-venv-tower","ecosystem":"Red Hat:ansible_automation_platform_developer:2.6::el9","purl":"pkg:rpm/redhat/automation-controller-venv-tower"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.7.9-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"automation-controller","ecosystem":"Red Hat:ansible_automation_platform:2.6::el9","purl":"pkg:rpm/redhat/automation-controller"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.7.9-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"automation-controller-cli","ecosystem":"Red Hat:ansible_automation_platform:2.6::el9","purl":"pkg:rpm/redhat/automation-controller-cli"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.7.9-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"automation-controller-server","ecosystem":"Red Hat:ansible_automation_platform:2.6::el9","purl":"pkg:rpm/redhat/automation-controller-server"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.7.9-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"automation-controller-ui","ecosystem":"Red Hat:ansible_automation_platform:2.6::el9","purl":"pkg:rpm/redhat/automation-controller-ui"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.7.9-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}},{"package":{"name":"automation-controller-venv-tower","ecosystem":"Red Hat:ansible_automation_platform:2.6::el9","purl":"pkg:rpm/redhat/automation-controller-venv-tower"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.7.9-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:3958.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}]}