RHSA-2026:3958 | High | CVSS 8.5

Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update

Published: March 6, 2026
Last Modified: June 3, 2026

📋 Description

CVE-2025-13465 — lodash: prototype pollution in _.unset and _.omit functions
CVE-2025-14550 — Django: Django: Denial of Service via crafted request with duplicate headers
CVE-2025-59057 — react-router: @remix-run/router: React Router XSS Vulnerability
CVE-2025-61726 — golang: net/url: Memory exhaustion in query parameter parsing in net/url
CVE-2025-69223 — aiohttp: AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb
CVE-2026-0994 — python: protobuf: Protobuf: Denial of Service due to recursion depth bypass
CVE-2026-1207 — Django: Django: SQL Injection via RasterField band index parameter
CVE-2026-1285 — Django: Django: Denial of Service via crafted HTML inputs
CVE-2026-1287 — Django: Django: SQL Injection via crafted column aliases
CVE-2026-1312 — Django: Django: SQL injection via crafted column aliases in QuerySet.order_by()
CVE-2026-21884 — react-router: @remix-run/react: React Router SSR XSS in ScrollRestoration
CVE-2026-22029 — @remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects
CVE-2026-23490 — pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID
CVE-2026-24049 — wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking