Ansible-Automation-Platform-25 Lightspeed-Chatbot-Rhel8 vulnerabilities
9 known vulnerabilities affecting ansible-automation-platform-25/lightspeed-chatbot-rhel8.
Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 7, LOW 2
Vulnerabilities
CVE-2026-41481 | MEDIUM | CVSS 6.5 | 2026-04-24
CVE-2026-41481 [MEDIUM] CWE-918 langchain-text-splitters: LangChain: Information Disclosure via Server-Side Request Forgery (SSRF) Redirect Bypass
A flaw was found in LangChain and langchain-text-splitters. This vulnerability, a Server-Side Request Forgery (SSRF) bypass, allows a remote attacker to redirect a seemingly safe URL to internal network resources. By exploiting unvalidat
redhat
CVE-2026-41488 | LOW | CVSS 3.1 | 2026-04-24
CVE-2026-41488 [LOW] CWE-367 langchain-openai: Langchain-openai: Server-Side Request Forgery (SSRF) protection bypass via DNS rebinding
A flaw was found in langchain-openai. A remote attacker could exploit a Time-of-Check to Time-of-Use (TOCTOU) vulnerability, also known as a DNS rebinding vulnerability. This occurs because the _url_to_size() helper, used for image token counting, validate
redhat
CVE-2026-41988 | LOW | CVSS 3.2 | 2026-04-23
CVE-2026-41988 [LOW] CWE-787 uuid: uuid: Unexpected data writes when using external output buffers with specific UUID versions
A flaw was found in uuid. When external output buffers are used with UUID versions 3, 5, or 6, an attacker with local access may be able to cause unexpected data writes. This vulnerability could lead to low impact data integrity issues. UUID version 4 is not affected.
Pack
redhat
CVE-2026-41314 | MEDIUM | CVSS 4.8 | 2026-04-22
CVE-2026-41314 [MEDIUM] CWE-770 pypdf: python: pypdf: Denial of Service via crafted PDF with large image sizes
A flaw was found in pypdf, a pure-Python PDF library. An attacker can exploit this vulnerability by crafting a malicious PDF file that accesses an image using `/FlateDecode` with large size values. This can lead to memory exhaustion, resulting in a Denial of Service (DoS) for the system processing the PDF.
redhat
CVE-2026-41168 | MEDIUM | CVSS 6.9 | 2026-04-22
CVE-2026-41168 [MEDIUM] CWE-1284 pypdf: pypdf: Denial of Service via crafted PDF with oversized streams
A flaw was found in pypdf. An attacker can craft a malicious PDF file containing oversized cross-reference streams or object streams. Processing such a file can lead to excessively long runtimes, resulting in a Denial of Service (DoS) for applications using the pypdf library.
Mitigation: Mitigation for this issue is eithe
redhat
CVE-2026-41312 | MEDIUM | CVSS 4.8 | 2026-04-22
CVE-2026-41312 [MEDIUM] CWE-770 pypdf: pypdf: Denial of Service due to excessive memory consumption via specially crafted PDF
A flaw was found in pypdf. An attacker can craft a malicious PDF file containing a specially compressed stream. When this file is processed, it can lead to excessive memory consumption (RAM exhaustion), resulting in a Denial of Service (DoS) for the affected system.
Mitigation:
redhat
CVE-2026-41313 | MEDIUM | CVSS 4.8 | 2026-04-22
CVE-2026-41313 [MEDIUM] CWE-1284 pypdf: pypdf: Denial of Service via crafted PDF with large trailer /Size value
A flaw was found in pypdf. An attacker can craft a malicious PDF file with a large trailer `/Size` value. When this PDF is loaded in incremental mode, it can lead to excessively long processing times, resulting in a Denial of Service (DoS) for the application or system processing the file.
Mitigation: Miti
redhat
CVE-2026-28684 | MEDIUM | CVSS 6.6 | 2026-04-20
CVE-2026-28684 [MEDIUM] CWE-59 python-dotenv: python-dotenv: Arbitrary file overwrite via symbolic link following
A flaw was found in python-dotenv. A local attacker can exploit this by crafting a symbolic link, which the `set_key()` and `unset_key()` functions in python-dotenv follow when rewriting `.env` files. This can lead to the overwriting of arbitrary files on the system.
Mitigation: Mitigation for this i
redhat
CVE-2026-40347 | MEDIUM | CVSS 5.3 | 2026-04-17
CVE-2026-40347 [MEDIUM] CWE-1050 python-multipart: Python-Multipart: Denial of Service via crafted multipart/form-data requests
Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted `multipart/form-data` requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to
redhat