Analysis and contextual insights are available on OpenCVE Cloud.
Vendor Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-w8p5-mx5w-cpqj | ansible-core: Argument injection in ansible-galaxy role install leads to arbitrary code execution |
Fri, 10 Jul 2026 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Redhat acm
Redhat ansible Portal Redhat discovery Redhat enterprise Linux Redhat migration Toolkit Applications Redhat migration Toolkit Virtualization Redhat openshift Redhat satellite Redhat service Mesh Redhat stf |
|
| CPEs | cpe:/a:redhat:acm:2 cpe:/a:redhat:ansible_core:2 cpe:/a:redhat:ansible_portal:2 cpe:/a:redhat:discovery:2::el9 cpe:/a:redhat:migration_toolkit_applications:8 cpe:/a:redhat:migration_toolkit_virtualization:2 cpe:/a:redhat:openshift:4 cpe:/a:redhat:satellite:6 cpe:/a:redhat:service_mesh:3 cpe:/a:redhat:stf:1.5 cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 |
|
| Vendors & Products |
Redhat acm
Redhat ansible Portal Redhat discovery Redhat enterprise Linux Redhat migration Toolkit Applications Redhat migration Toolkit Virtualization Redhat openshift Redhat satellite Redhat service Mesh Redhat stf |
Sun, 07 Jun 2026 11:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Redhat ansible Core
|
|
| Vendors & Products |
Redhat ansible Core
|
Fri, 05 Jun 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 05 Jun 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Fri, 05 Jun 2026 09:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field. This allows arbitrary code execution on the machine of a user who installs the role via ansible-galaxy role install. | |
| Title | Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution | |
| First Time appeared |
Redhat
Redhat ansible Automation Platform |
|
| Weaknesses | CWE-88 | |
| CPEs | cpe:/a:redhat:ansible_automation_platform:2 | |
| Vendors & Products |
Redhat
Redhat ansible Automation Platform |
|
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2026-07-15T02:45:49.969Z
Reserved: 2026-06-05T07:58:25.632Z
Link: CVE-2026-11332
Updated: 2026-07-15T02:45:49.969Z
Status : Awaiting Analysis
Published: 2026-06-05T09:16:26.070
Modified: 2026-06-05T14:56:14.030
Link: CVE-2026-11332
OpenCVE Enrichment
Updated: 2026-06-07T11:00:11Z
Github GHSA