Kickstart OpenSCAP tailoring broken in 9.2?

I use a kickstart to deploy servers with a tailored NIST 800-171 OpenSCAP policy.
After I kickstarted a non tailored AlmaLinux 9.2 I noticed some changes:

For 9.1 I used this succcessfully:

%addon com_redhat_oscap
    content-type = scap-security-guide
    datastream-id = scap_org.open-scap_datastream_from_xccdf_ssg-almalinux9-xccdf-1.2.xml
    xccdf-id = scap_org.open-scap_cref_ssg-almalinux9-xccdf-1.2.xml
    profile = xccdf_org.ssgproject.content_profile_cui_customized
    tailoring-path = ssg-almalinux9-ds-1-tailoring.xml
%end

Now I seen a non tailored kickstart was using:

%addon com_redhat_oscap
    content-type = scap-security-guide
    datastream-id = scap_org.open-scap_datastream_from_xccdf_ssg-almalinux9-xccdf.xml
    xccdf-id = scap_org.open-scap_cref_ssg-almalinux9-xccdf.xml
    profile = xccdf_org.ssgproject.content_profile_cui
%end

So it dropped the “-1.2”.
So of course I figured I just change my tailored kickstart to:

%addon com_redhat_oscap
    content-type = scap-security-guide
    datastream-id = scap_org.open-scap_datastream_from_xccdf_ssg-almalinux9-xccdf.xml
    xccdf-id = scap_org.open-scap_cref_ssg-almalinux9-xccdf.xml
    profile = xccdf_org.ssgproject.content_profile_cui_customized
    tailoring-path = ssg-almalinux9-ds-1-tailoring.xml
%end

This was a no go since I get during start of the kickstart:

There was a problem with the supplied security content: Expected a file /tmp/openscap_data/ssg-almalinux9-ds-1-tailoring.xml to be a part of the supplied content but it was not the case, got only ['/usr/share/xml/scap/ssg/content//ssg-almalinux9-ds.xml']
The installation should be aborted.

Would you like to ignore this and continue the installation?
Please respond 'yes' or 'no':

Going to a shell with Alt+F2 shows that both files are in the right places:
/tmp/openscap_data/ssg-almalinux9-ds-1-tailoring.xml
/usr/share/xml/scap/ssg/content/ssg-almalinux9-ds.xml

Performing the kickstart without the tailoring file works fine so I am a little puzzled why it does not accept the tailoring file that worked file in AlmaLinux 9.1.

My tailoring file looks like:

<?xml version="1.0" encoding="UTF-8"?>
<xccdf:Tailoring xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2" id="xccdf_scap-workbench_tailoring_default">
  <xccdf:benchmark href="ssg-almalinux9-ds.xml"/>
  <xccdf:version time="2023-05-11T19:14:49">1</xccdf:version>
  <xccdf:Profile id="xccdf_org.ssgproject.content_profile_cui_customized" extends="xccdf_org.ssgproject.content_profile_cui">
    <xccdf:title xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US" override="true">[DRAFT] Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171) [CUSTOMIZED]</xccdf:title>
    <xccdf:description xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US" override="true">NIST 800-171 Red Hat Enterprise Linux 9 to the NIST Special"</xccdf:description>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_enable_dracut_fips_module" selected="false"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_enable_fips_mode" selected="false"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_group_fips" selected="false"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_partition_for_home" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_partition_for_tmp" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_partition_for_var" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_partition_for_var_log" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_partition_for_var_tmp" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_no_tmux_in_shells" selected="false"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_configure_tmux_lock_command" selected="false"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_configure_tmux_lock_after_time" selected="false"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_configure_bashrc_exec_tmux" selected="false"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_package_tmux_installed" selected="false"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_group_console_screen_locking" selected="false"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_group_screen_locking" selected="false"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_audit_access_success" selected="false"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_zipl_systemd_debug-shell_argument_absent" selected="false"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_zipl_page_alloc_shuffle_argument" selected="false"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_zipl_init_on_alloc_argument" selected="false"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_zipl_bootmap_is_up_to_date" selected="false"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_zipl_bls_entries_only" selected="false"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_zipl_audit_backlog_limit_argument" selected="false"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_zipl_audit_argument" selected="false"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_group_bootloader-zipl" selected="false"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_set_firewalld_default_zone" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_group_ruleset_modifications" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_disable_ipv6" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_group_disabling_ipv6" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_group_network-ipv6" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_default_disable_ipv6" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_snmpd_use_newer_protocol" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_group_snmp_configure_server" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_group_snmp" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_boot_nodev" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_boot_nosuid" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_dev_shm_nodev" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_dev_shm_noexec" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_dev_shm_nosuid" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_home_nodev" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_home_nosuid" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_nodev_nonroot_local_partitions" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_tmp_nodev" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_tmp_noexec" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_tmp_nosuid" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_var_log_nodev" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_var_log_noexec" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_var_log_nosuid" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_var_nodev" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_var_tmp_nodev" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_var_tmp_noexec" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_var_tmp_nosuid" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_tmout" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_group_accounts-session" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_service_postfix_enabled" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_group_mail" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_postfix_client_configure_mail_alias" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_group_postfix_client" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_postfix_client_configure_mail_alias_postmaster" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_sshd_enable_pam" selected="true"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_package_dnf-automatic_installed" selected="false"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_dnf-automatic_apply_updates" selected="false"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_dnf-automatic_security_updates_only" selected="false"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_timer_dnf-automatic_enabled" selected="false"/>
    <xccdf:set-value idref="xccdf_org.ssgproject.content_value_var_accounts_tmout">3600</xccdf:set-value>
    <xccdf:set-value idref="xccdf_org.ssgproject.content_value_var_postfix_root_mail_alias">test@test.com</xccdf:set-value>
    <xccdf:set-value idref="xccdf_org.ssgproject.content_value_firewalld_sshd_zone">drop</xccdf:set-value>
    <xccdf:set-value idref="xccdf_org.ssgproject.content_value_var_system_crypto_policy">DEFAULT</xccdf:set-value>
  </xccdf:Profile>
</xccdf:Tailoring>

Tested rename the tailoring file to something wrong (ssg-almalinux9-ds-tailoring_wrong.xml) and this gave me the same error. So it seems that even though the tailoring file is created in the correct path it can not parse or read it.
See if I can perform some more debugging but starting to feel like a kickstart bug.