Red Hat Ansible Automation Platform 2
This hub aggregates every CVE we track for Red Hat Ansible Automation Platform 2, a product in the devtools CI space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 20
- Critical: 1
- High: 5
- In CISA KEV: 0
Severity distribution
- Medium: 12
- High: 5
- Low: 2
- Critical: 1
Monthly trend (chart, 2024-07 to 2026-06)
Latest CVEs
The 15 most recently published vulnerabilities affecting Red Hat Ansible Automation Platform 2.
- CVE-2026-12726: Awx: automation-controller: awx: github webhook second-order ssrf via unvalidated statuses_url exfiltrates pat credential (score: 6.3)
- CVE-2026-12398: Galaxy_ng: shell injection in legacy role import via unsanitized git ref names (score: 7.5)
- CVE-2026-44188: Ansible-lightspeed: ansible lightspeed: session hijacking and unauthorized data access due to insufficient session expiration (score: 5.3)
- CVE-2026-52902: Awxkit: path traversal via yaml !include directive (score: 4.7)
- CVE-2026-11332: Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution (score: 7.8)
- CVE-2026-6494: Aap-mcp-server: aap mcp server: log injection allows social engineering attacks via unsanitized input (score: 5.3)
- CVE-2025-57847: Ansible-automation-platform: privilege escalation via excessive group writable /etc/passwd permissions (score: 6.4)
- CVE-2026-0598: Ansible-lightspeed: broken object level authorization leading to cross-user ai conversation context injection in ansible lightspeed api (score: 4.2)
- CVE-2025-10894: Nx: nx/devkit: malicious versions of nx and plugins published to npm (score: 9.6)
- CVE-2025-53861: Aap: sensitive cookie(s) set without security flags (score: 3.1)
- CVE-2025-53862: Aap: aap-gateway: automation-hub: sensitive information disclosure (score: 3.5)
- CVE-2024-11831: Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript (score: 5.4)
- CVE-2024-9979: Pyo3: risk of use-after-free in `borrowed` reads from python weak references (score: 5.3)
- CVE-2024-9620: Event-driven automation in ansible automation platform (aap): ansible event-driven automation (eda) lacks encryption (score: 5.3)
- CVE-2024-9355: Golang-fips: golang fips zeroed buffer (score: 6.5)
Product normalization is registry-driven with AI assist and human review.