Ansible automation platform

This hub aggregates every CVE we track for Ansible automation platform, a product in the devtools ci space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Ansible automation platform.

• CVE-2026-40192Pillow is vulnerable to a FITS GZIP decompression bomb7.5Apr 15, 2026
• CVE-2025-57847Ansible-automation-platform: privilege escalation via excessive group writable /etc/passwd permissions6.4Apr 8, 2026
• CVE-2026-32281Inefficient policy validation in crypto/x5097.5Apr 8, 2026
• CVE-2026-32280Unexpected work during chain building in crypto/x5097.5Apr 8, 2026
• CVE-2026-32283Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls7.5Apr 8, 2026
• CVE-2026-33810Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x5098.2Apr 8, 2026
• CVE-2026-39373JWCrypto: JWE ZIP decompression bomb5.3Apr 7, 2026
• CVE-2026-33033Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload6.5Apr 7, 2026
• CVE-2026-4292Privilege abuse in ModelAdmin.list_editable2.7Apr 7, 2026
• CVE-2026-4277Privilege abuse in GenericInlineModelAdmin9.8Apr 7, 2026
• CVE-2026-3902ASGI header spoofing via underscore/hyphen conflation7.5Apr 7, 2026
• CVE-2026-33748BuildKit Git URL subdir component can cause access to restricted files7.5Mar 27, 2026
• CVE-2026-33699pypdf: Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream7.5Mar 26, 2026
• CVE-2026-25645Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function4.4Mar 25, 2026
• CVE-2026-33123pypdf has inefficient decoding of array-based streams6.5Mar 20, 2026