Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-48710
PUBLISHED
More InfoOfficial Page
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
View Known Exploited Vulnerability (KEV) details
Published At-26 May, 2026 | 21:54
Updated At-23 Jun, 2026 | 19:15
Rejected At-
▼CVE Numbering Authority (CNA)
Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks

Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP `Host` request header was not validated before being used to reconstruct `request.url`. Because the routing algorithm relies on the raw HTTP path while `request.url` is rebuilt from the `Host` header, a malformed header could make `request.url.path` differ from the path that was actually requested. Middleware and endpoints that apply security restrictions based on `request.url` (rather than the raw `scope` path) could therefore be bypassed. Users should upgrade to a version greater than or equal to version 1.0.1, which validates the `Host` header against the grammar of RFC 9112 §3.2 / RFC 3986 §3.2.2 when constructing `request.url` and falls back to `scope["server"]` for malformed values.

Affected Products
Vendor
Kludex
Product
starlette
Versions
Affected
  • < 1.0.1
Problem Types
TypeCWE IDDescription
CWECWE-444CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Type: CWE
CWE ID: CWE-444
Description: CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/Kludex/starlette/security/advisories/GHSA-86qp-5c8j-p5mr
x_refsource_CONFIRM
https://github.com/Kludex/starlette/commit/764dab0dcfb9033d75442d7a359645c9f94648c6
x_refsource_MISC
https://badhost.org
x_refsource_MISC
https://github.com/pypa/advisory-database/tree/main/vulns/starlette/PYSEC-2026-161.yaml
x_refsource_MISC
https://ostif.org/disclosing-the-badhost-vulnerability-in-starlette
x_refsource_MISC
https://www.secwest.net/starlette
x_refsource_MISC
https://www.x41-dsec.de/lab/advisories/x41-2026-002-starlette
x_refsource_MISC
Hyperlink: https://github.com/Kludex/starlette/security/advisories/GHSA-86qp-5c8j-p5mr
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/Kludex/starlette/commit/764dab0dcfb9033d75442d7a359645c9f94648c6
Resource:
x_refsource_MISC
Hyperlink: https://badhost.org
Resource:
x_refsource_MISC
Hyperlink: https://github.com/pypa/advisory-database/tree/main/vulns/starlette/PYSEC-2026-161.yaml
Resource:
x_refsource_MISC
Hyperlink: https://ostif.org/disclosing-the-badhost-vulnerability-in-starlette
Resource:
x_refsource_MISC
Hyperlink: https://www.secwest.net/starlette
Resource:
x_refsource_MISC
Hyperlink: https://www.x41-dsec.de/lab/advisories/x41-2026-002-starlette
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. starlette: Starlette: Security restriction bypass via malformed HTTP Host header

A flaw was found in Starlette, a lightweight ASGI (Asynchronous Server Gateway Interface) framework. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP `Host` request header. This malformed header could cause the `request.url` to be incorrectly reconstructed, leading to a discrepancy with the actual requested path. Consequently, security restrictions enforced by middleware and endpoints that rely on `request.url` for validation could be bypassed, potentially allowing unauthorized access or actions.

Affected Products
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/ansible-automation-platform-27/lightspeed-chatbot-rhel9
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.7::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Satellite 6.18
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/satellite/foreman-mcp-server-rhel9
CPEs
  • cpe:/a:redhat:satellite:6.18::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Satellite 6.18
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/satellite/iop-host-inventory-rhel9
CPEs
  • cpe:/a:redhat:satellite:6.18::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Satellite 6.19
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/satellite/foreman-mcp-server-rhel9
CPEs
  • cpe:/a:redhat:satellite:6.19::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Exploit Intelligence
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
exploit-intelligence-tech-preview/vulnerability
CPEs
  • cpe:/a:redhat:exploit_intelligence:0
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Migration Toolkit for Applications 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
mta/mta-solution
CPEs
  • cpe:/a:redhat:migration_toolkit_applications:8
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
OpenShift Lightspeed
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift-lightspeed/lightspeed-ocp
CPEs
  • cpe:/a:redhat:openshift_lightspeed
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
OpenShift Lightspeed
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift-lightspeed/lightspeed-service
CPEs
  • cpe:/a:redhat:openshift_lightspeed
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat AI Inference Server
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhaii/vllm
CPEs
  • cpe:/a:redhat:ai_inference_server:3
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat AI Inference Server
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhaiis/vllm
CPEs
  • cpe:/a:redhat:ai_inference_server:3
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux AI (RHEL AI) 3
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhelai3/bootc-aws
CPEs
  • cpe:/a:redhat:enterprise_linux_ai:3
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux AI (RHEL AI) 3
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhelai3/bootc-azure
CPEs
  • cpe:/a:redhat:enterprise_linux_ai:3
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux AI (RHEL AI) 3
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhelai3/bootc
CPEs
  • cpe:/a:redhat:enterprise_linux_ai:3
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux AI (RHEL AI) 3
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhelai3/bootc-gcp
CPEs
  • cpe:/a:redhat:enterprise_linux_ai:3
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux AI (RHEL AI) 3
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhelai3/disk-image
CPEs
  • cpe:/a:redhat:enterprise_linux_ai:3
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-built-in
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-caikit
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-caikit-tgis
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-feature
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-guardrails-detector-huggingface
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-kserve-autogluon
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-kserve-storage
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-llama-stack
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-llm-d-kv
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-pipeline-runtime-datascience-cpu
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-pipeline-runtime-pytorch-cuda
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-pipeline-runtime-pytorch-llmcompressor-cuda
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-pipeline-runtime-pytorch-rocm
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-pipeline-runtime-tensorflow-cuda
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-pipeline-runtime-tensorflow-rocm
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-th06-cpu-torch210
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-th06-cuda130-torch210
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-th06-rocm64-torch291
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-training-cuda128-torch29
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-trustyai-garak-lls-provider
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-trustyai-nemo-guardrails
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-vllm
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-workbench-codeserver-datascience-cpu
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-workbench-jupyter-datascience-cpu
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-workbench-jupyter-pytorch-cuda
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-workbench-jupyter-pytorch-llmcompressor-cuda
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-workbench-jupyter-pytorch-rocm
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-workbench-jupyter-tensorflow-cuda
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-workbench-jupyter-tensorflow-rocm
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-workbench-jupyter-trustyai-cpu
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Satellite 6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
satellite/iop-advisor
CPEs
  • cpe:/a:redhat:satellite:6
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Satellite 6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
satellite/iop
CPEs
  • cpe:/a:redhat:satellite:6
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Satellite 6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
satellite/iop-vulnerability
CPEs
  • cpe:/a:redhat:satellite:6
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/ansible-automation-platform-26/controller-rhel9
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/ansible-automation-platform-26/gateway-rhel9
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/ansible-automation-platform-26/hub-rhel9
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/ansible-automation-platform-26/receptor-rhel9
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/ansible-automation-platform/platform-operator-bundle
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/ansible-automation-platform-27/hub-rhel9
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.7::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
registry.redhat.io/ansible-automation-platform/platform-operator-bundle
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.7::el9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ansible-automation-platform-25/lightspeed
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ansible-automation-platform-26/mcp
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift AI (RHOAI)
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhoai/odh-kserve
CPEs
  • cpe:/a:redhat:openshift_ai
Default Status
unaffected
Problem Types
TypeCWE IDDescription
CWECWE-1289Improper Validation of Unsafe Equivalence in Input
Type: CWE
CWE ID: CWE-1289
Description: Improper Validation of Unsafe Equivalence in Input
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Metrics Other Info
Red Hat severity rating
value:
Critical
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Reported to Red Hat.2026-05-26 23:01:03
Made public.2026-05-26 21:54:54
Event: Reported to Red Hat.
Date: 2026-05-26 23:01:03
Event: Made public.
Date: 2026-05-26 21:54:54
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/security/cve/CVE-2026-48710
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2481742
issue-tracking
x_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-48710.json
x_sadp-csaf-vex
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-48710
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2481742
Resource:
issue-tracking
x_refsource_REDHAT
Hyperlink: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-48710.json
Resource:
x_sadp-csaf-vex
Details not found