Zero Day Monitor (ZDM)
CVE-2026-11332 · CVSS 7.8 · EXPLOITED
Red Hat · Red Hat Ansible Automation Platform

Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution

Description

A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field. This allows arbitrary code execution on the machine of a user who installs the role via ansible-galaxy role install.

Affected Products

Vendor: Red Hat
Product: Red Hat Ansible Automation Platform
Versions: —

References

  • https://access.redhat.com/security/cve/CVE-2026-11332 (vdb-entry, x_refsource_REDHAT)
  • https://bugzilla.redhat.com/show_bug.cgi?id=2485379 (issue-tracking, x_refsource_REDHAT)
  • https://github.com/ansible/ansible

Related News (4 articles)

Tier B · BSI Advisories · 4h ago
[UPDATE] [medium] Ansible: Vulnerability allows execution of arbitrary program code and disclosure of data
→ No new info (linked only)

Tier B · BSI Advisories · 4h ago
[UPDATE] [medium] Ansible: Vulnerability allows execution of arbitrary program code with the privileges of the service
→ No new info (linked only)

Tier A · Microsoft MSRC · 1d ago
CVE-2026-11332 Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution
→ No new info (linked only)

Tier C · VulDB · 3d ago
CVE-2026-11332 | Red Hat Ansible Automation Platform 2 ansible-core meta/requirements.yml src argument injection
→ No new info (linked only)

CVSS 3.1: 7.8 HIGH
CISA KEV: ❌ No
Actively exploited: ✅ Yes
CWE: CWE-88
Published: Jun 5, 2026
Last enriched: 4h ago (v3)
Trending Score: 67
Source articles: 4
Independent: 3
Info Completeness: 8/14
Missing: versions, epss, kev, patch, iocs, mitre_attack

Related CVEs (5)

NONE · CVE-2026-10533 · EXP
Openshift: openshift: non-admin user can bypass resourcequota and flood etcd with events causing cluster-wide api degradation
Trending: 52

NONE · CVE-2026-9793 · EXP
Keycloak: keycloak: security policy bypass in jwe-encrypted request object processing
Trending: 51

LOW · PRE-CVE · EXP
Information Disclosure Vulnerability in Ansible
Trending: 42

NONE · CVE-2026-3238 · EXP
Samba: denial of service against ad dc wins server
Trending: 39

NONE · CVE-2026-43958
Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service
Trending: 32

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published · Jun 5, 2026
Discovered by ZDM · Jun 5, 2026
Updated: severity · Jun 5, 2026
Actively Exploited · Jun 5, 2026
Exploit Available · Jun 5, 2026
Updated: severity, exploitAvailable, activelyExploited · Jun 8, 2026

Version History

v3 · Last enriched 4h ago

v3 · Tier B · 4h ago

Updated severity to HIGH and marked the vulnerability as actively exploited with an exploit available.

Changed fields: severity, exploitAvailable, activelyExploited
via BSI Advisories

v2 · Tier C · 3d ago

Updated severity to CRITICAL and corrected exploit availability to false.

Changed fields: severity
via VulDB

v1 · 3d ago

Initial creation