Zero Day Monitor (ZDM) © 2026
CVE-2026-6266 · CVSS 8.3 · Exploited · Patched
Red Hat · Red Hat Ansible Automation Platform 2.6 for RHEL

aap-controller / aap-gateway: account hijacking and unauthorized access via unverified email linking

Description

A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider (IdP) identity to an existing AAP user account whenever the email address asserted by the IdP matches the account's email, without verifying that the IdP user actually owns that address. A remote attacker who can control the email attribute presented by an IdP identity can therefore have that identity linked to a victim's account and gain unauthorized access to it, including administrative accounts.
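
The linking decision described above, as an added illustration that is not AAP gateway code and does not reproduce Red Hat's fix: the flawed strategy (link on email match alone) next to a policy that refuses to link unless the IdP is explicitly trusted and asserts `email_verified`, and that never auto-links privileged accounts. All function and claim names, the user store and the claim sets below are constructed for the example.

```python
# Added illustration of the flaw class behind CVE-2026-6266 (unverified-email
# auto-linking). Hypothetical names throughout; this is NOT AAP gateway code
# and does not reproduce the vendor's fix.
from dataclasses import dataclass, field


@dataclass
class User:
    username: str
    email: str
    is_superuser: bool = False
    # (idp_name, subject) pairs already bound to this local account
    linked_identities: list = field(default_factory=list)


class LinkRejected(Exception):
    """Raised by the hardened policy when an auto-link must not happen."""


def find_by_email(users, email):
    """Case-insensitive lookup of a local account by email (assumed policy)."""
    wanted = email.strip().lower()
    return next((u for u in users if u.email.lower() == wanted), None)


def autolink_vulnerable(users, idp_name, claims):
    """The flawed strategy: any IdP identity whose email matches a local
    account is attached to that account. Nothing checks that the IdP
    verified the address, or that the target account is unprivileged."""
    user = find_by_email(users, claims.get("email", ""))
    if user is None:
        return None
    user.linked_identities.append((idp_name, claims["sub"]))
    return user


def autolink_hardened(users, idp_name, claims, trusted_idps):
    """A safer policy (added example, not the vendor's patch):
    1. only IdPs the operator explicitly trusts may trigger auto-linking;
    2. the IdP must assert email_verified=true (OIDC standard claim);
    3. privileged accounts are never auto-linked; they need an explicit,
       already-authenticated linking step;
    4. an account already bound to a different IdP is not re-bound."""
    user = find_by_email(users, claims.get("email", ""))
    if user is None:
        return None  # no match; caller may create a fresh unprivileged user
    if idp_name not in trusted_idps:
        raise LinkRejected(f"IdP {idp_name!r} is not trusted to assert email ownership")
    if claims.get("email_verified") is not True:
        raise LinkRejected("IdP did not assert email_verified=true")
    if user.is_superuser:
        raise LinkRejected("privileged accounts require explicit linking")
    if any(name != idp_name for name, _ in user.linked_identities):
        raise LinkRejected("account is already bound to a different IdP")
    user.linked_identities.append((idp_name, claims["sub"]))
    return user


def sample_users():
    """Constructed local user store."""
    return [
        User("admin", "admin@example.com", is_superuser=True),
        User("alice", "alice@example.com"),
    ]


# Constructed claims: an identity at an IdP whose email attribute the
# attacker controls, pointed at the administrator's address.
ATTACKER_CLAIMS = {"sub": "attacker-7f3a", "email": "Admin@Example.com"}

# Constructed claims from a corporate IdP that does verify mailboxes.
ALICE_CLAIMS = {"sub": "alice-001", "email": "alice@example.com", "email_verified": True}


def demo():
    """Runs both strategies against the attacker's claims; returns outcomes."""
    outcomes = {}
    hijacked = autolink_vulnerable(sample_users(), "public-idp", ATTACKER_CLAIMS)
    outcomes["vulnerable"] = hijacked.username if hijacked else None
    try:
        autolink_hardened(sample_users(), "public-idp", ATTACKER_CLAIMS, {"corp-sso"})
        outcomes["hardened"] = "linked"
    except LinkRejected as why:
        outcomes["hardened"] = f"rejected: {why}"
    return outcomes


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the attacker's identity being bound to `admin` under the flawed strategy and rejected under the hardened one. Note that the superuser check is deliberately independent of IdP trust: even a trusted IdP asserting a verified `admin@example.com` is refused, because a privileged account should only ever be linked through an explicit step performed while already authenticated to it.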

Affected Products

Vendor: Red Hat
Product: Red Hat Ansible Automation Platform 2.6 for RHEL
Versions: not listed on this page (see the fixed package builds under "Patch available")

References

  • https://access.redhat.com/errata/RHSA-2026:13508 (vendor advisory, Red Hat)
  • https://access.redhat.com/security/cve/CVE-2026-6266 (vulnerability database entry, Red Hat)
  • https://bugzilla.redhat.com/show_bug.cgi?id=2458142 (issue tracker, Red Hat Bugzilla)

Related News (1 article)

  • VulDB (Tier C, 2h ago): "CVE-2026-6266 | Red Hat Ansible Automation Platform up to 2.6 authentication bypass (RHSA-2026:13508)"; no new information beyond the linked advisory
CVSS 3.1: 8.3 (site severity label: CRITICAL; note that 8.3 falls in the High band, 7.0 to 8.9, of the CVSS v3.1 qualitative scale)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
CISA KEV: No
Actively exploited: Yes (flag set from the VulDB feed entry; this page carries no exploit details, IOCs or KEV listing)
Patch available: Yes; fixed package builds 0:4.7.11-2.el9ap and 0:2.6.20260422-1.el9ap (package names not given on this page; see RHSA-2026:13508)
CWE: CWE-305 (Authentication Bypass by Primary Weakness)
Published: May 4, 2026
Last enriched: 1h ago (v2)
Tags: authentication bypass
Trending score: 50
Source articles: 1 (1 independent)
Info completeness: 8/14; missing: versions, epss, kev, exploit, iocs, mitre_attack


Related CVEs (5)

  • CVE-2026-7500 (severity: none listed; exploited): org.keycloak.keycloak-services: improper access control on Keycloak server when the Account API feature is disabled. Trending: 50
  • CVE-2026-33846 (severity: none listed; exploited): GnuTLS: denial of service via heap buffer overflow in DTLS handshake fragment reassembly. Trending: 49
  • PRE-CVE (Medium): multiple denial of service vulnerabilities in Red Hat OpenShift Container Platform. Trending: 23
  • CVE-2026-2625 (severity: none listed): rust-rpm-sequoia: denial of service via crafted RPM file during signature verification. Trending: 20
  • CVE-2026-33845 (severity: none listed): GnuTLS: denial of service via DTLS zero-length fragment. Trending: 18


Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

  • May 4, 2026: CVE published
  • May 4, 2026: discovered by ZDM
  • May 4, 2026: marked actively exploited
  • May 4, 2026: patch available
  • May 4, 2026: updated severity, activelyExploited, tags

Version History

  • v2 (Tier C, 1h ago, via VulDB): updated severity to CRITICAL, marked as actively exploited, and added the tag 'authentication bypass' (fields changed: severity, activelyExploited, tags)
  • v1 (2h ago): initial creation