{
  "threat_severity" : "Important",
  "public_date" : "2026-02-09T05:00:09Z",
  "bugzilla" : {
    "description" : "jsonpath: jsonpath: Arbitrary Code Execution via unsafe JSON Path expression evaluation",
    "id" : "2437875",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2437875"
  },
  "cvss3" : {
    "cvss3_base_score" : "9.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-94",
  "details" : [ "Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can exploit this vulnerability by supplying a malicious JSON Path expression that, when evaluated, executes arbitrary JavaScript code, leading to Remote Code Execution in Node.js environments or Cross-site Scripting (XSS) in browser contexts. This affects all methods that evaluate JSON Paths against objects, including .query, .nodes, .paths, .value, .parent, and .apply.", "A flaw was found in the jsonpath component. This vulnerability allows a remote attacker to achieve arbitrary code execution by supplying a malicious JSON Path expression. The component's reliance on the `static-eval` module for processing user-supplied input leads to unsafe evaluation. Successful exploitation can result in Remote Code Execution (RCE) in Node.js environments or Cross-site Scripting (XSS) in browser contexts." ],
  "statement" : "Red Hat Product Security team has rated this vulnerability as Important as it may allows arbitrary code execution when processing untrusted JSON Path expressions. This can lead to Remote Code Execution in Node.js environments or Cross-site Scripting in browser contexts. In some contexts it may be possible to remotely exploit this flaw without any privileges. However, within Red Hat products the jsonpath component is used as a transitive dependency or does not directly handle user input. This context reduces exposure and criticality of this vulnerability.",
  "affected_release" : [ {
    "product_name" : "Red Hat Ansible Automation Platform 2.5",
    "release_date" : "2026-03-31T00:00:00Z",
    "advisory" : "RHSA-2026:6308",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
    "package" : "ansible-automation-platform-25/lightspeed-rhel8:sha256:0682e9e4bc9ad2b2b564fa2fa8b022e46729b27e26ec7b14ed2f1fae3e52a0d1"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2.6",
    "release_date" : "2026-03-31T00:00:00Z",
    "advisory" : "RHSA-2026:6309",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9",
    "package" : "ansible-automation-platform-26/lightspeed-rhel9:sha256:293b2d26b9a82fa6a55dafb4c594287838cae765c358f3bdfea5b89d83f0391e"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2.6",
    "release_date" : "2026-04-01T00:00:00Z",
    "advisory" : "RHSA-2026:6404",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9",
    "package" : "ansible-automation-platform-26/lightspeed-rhel9:sha256:293b2d26b9a82fa6a55dafb4c594287838cae765c358f3bdfea5b89d83f0391e"
  }, {
    "product_name" : "Red Hat Developer Hub 1.8",
    "release_date" : "2026-03-30T00:00:00Z",
    "advisory" : "RHSA-2026:6174",
    "cpe" : "cpe:/a:redhat:rhdh:1.8::el9",
    "package" : "rhdh/rhdh-hub-rhel9:sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046"
  }, {
    "product_name" : "Red Hat Developer Hub 1.9",
    "release_date" : "2026-04-07T00:00:00Z",
    "advisory" : "RHSA-2026:6802",
    "cpe" : "cpe:/a:redhat:rhdh:1.9::el9",
    "package" : "rhdh/rhdh-hub-rhel9:sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d"
  } ],
  "package_state" : [ {
    "product_name" : "Migration Toolkit for Virtualization",
    "fix_state" : "Affected",
    "package_name" : "migration-toolkit-virtualization/mtv-console-plugin-rhel9",
    "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2"
  }, {
    "product_name" : "Migration Toolkit for Virtualization",
    "fix_state" : "Will not fix",
    "package_name" : "mtv-candidate/mtv-console-plugin-rhel9",
    "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2"
  }, {
    "product_name" : "OpenShift Pipelines",
    "fix_state" : "Will not fix",
    "package_name" : "openshift-pipelines/pipelines-hub-api-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_pipelines:1"
  }, {
    "product_name" : "OpenShift Pipelines",
    "fix_state" : "Will not fix",
    "package_name" : "openshift-pipelines/pipelines-hub-db-migration-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_pipelines:1"
  }, {
    "product_name" : "OpenShift Pipelines",
    "fix_state" : "Affected",
    "package_name" : "openshift-pipelines/pipelines-hub-ui-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_pipelines:1"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Affected",
    "package_name" : "ansible-on-clouds/aoc-azure-aap-installer-rhel9",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Affected",
    "package_name" : "rhelai3/bootc-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Affected",
    "package_name" : "rhelai3/disk-image-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat Fuse 7",
    "fix_state" : "Will not fix",
    "package_name" : "io.hawt-hawtio-online",
    "cpe" : "cpe:/a:redhat:jboss_fuse:7"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-kf-notebook-controller-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-notebook-controller-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat Quay 3",
    "fix_state" : "Not affected",
    "package_name" : "quay/quay-rhel8",
    "cpe" : "cpe:/a:redhat:quay:3"
  }, {
    "product_name" : "Self-service automation portal 2",
    "fix_state" : "Affected",
    "package_name" : "ansible-automation-platform/automation-portal",
    "cpe" : "cpe:/a:redhat:ansible_portal:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-1615\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-1615\nhttps://github.com/dchester/jsonpath/blob/c1dd8ec74034fb0375233abb5fdbec51ac317b4b/lib/handlers.js%23L243\nhttps://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-15141219\nhttps://security.snyk.io/vuln/SNYK-JS-JSONPATH-13645034" ],
  "name" : "CVE-2026-1615",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}