Skip to main content

Red Hat CVE-2026-6494

| EUVDEUVD-2026-23400 MEDIUM
Improper Output Neutralization for Logs (CWE-117)
2026-04-17 redhat GHSA-c63q-7gvc-8xq3
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Red Hat
5.3 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

4
Analysis Generated
Apr 17, 2026 - 09:15 vuln.today
EUVD ID Assigned
Apr 17, 2026 - 09:00 euvd
EUVD-2026-23400
Analysis Generated
Apr 17, 2026 - 09:00 vuln.today
CVE Published
Apr 17, 2026 - 08:18 nvd
MEDIUM 5.3

DescriptionCVE.org

A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the toolsetroute parameter. This parameter is not properly sanitized before being written to logs, allowing the attacker to inject control characters such as newlines and ANSI escape sequences. This enables the attacker to obscure legitimate log entries and insert forged ones, which could facilitate social engineering attacks, potentially leading to an operator executing dangerous commands or visiting malicious URLs.

AnalysisAI

Log injection vulnerability in Red Hat Ansible Automation Platform 2 MCP server allows unauthenticated remote attackers to inject control characters and ANSI escape sequences via the toolsetroute parameter, enabling log forgery and obscuring legitimate audit trails to facilitate social engineering attacks that trick operators into executing malicious commands or accessing attacker-controlled URLs. CVSS 5.3 (medium) reflects the integrity impact on logs without direct confidentiality or availability impact; exploitation requires no authentication, credentials, or user interaction. No public exploit code or active exploitation has been identified at time of analysis.

Technical ContextAI

The vulnerability resides in the AAP MCP (Model Control Plane) server's request handling logic, specifically where the toolsetroute parameter is processed and logged. The root cause is insufficient input sanitization before log output (CWE-117: Improper Output Neutralization for Logs), a class of injection flaw distinct from code injection but equally dangerous in audit-trail integrity contexts. The MCP server processes HTTP requests containing user-supplied parameters that are directly concatenated into log messages without escaping special characters. An attacker can embed newline characters (\n) to create fake log lines and ANSI escape sequence codes (e.g., \x1b[0m, color codes) to visually manipulate terminal output, causing legitimate entries to appear forged or deleted. This affects Red Hat Ansible Automation Platform 2, a widely deployed enterprise automation framework that uses the MCP server as a communication hub between control nodes and managed systems.

RemediationAI

Apply the vendor-released security patch for Red Hat Ansible Automation Platform 2 as documented in the Red Hat Security Advisory (https://access.redhat.com/security/cve/CVE-2026-6494). The patch addresses the toolsetroute parameter handling in the MCP server by implementing proper input sanitization and log output neutralization (stripping or escaping control characters and ANSI sequences before writing to logs). Exact patched version numbers should be obtained from the advisory. As an interim compensating control, restrict network access to the MCP server port (typically TCP 443 or 8444, depending on deployment) using firewall rules or network policies, limiting exposure to trusted control networks only; this does not eliminate the vulnerability but reduces the attack surface. Additionally, enable log monitoring with strict parsing rules that alert on unexpected newlines or ANSI sequences within parameter fields, and implement out-of-band log integrity verification (e.g., centralized syslog with cryptographic signing) to detect forged entries. Note that these controls add operational overhead and do not prevent the injection itself; patching is the definitive fix.

Vendor StatusVendor

Share

CVE-2026-6494 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy