Skip to main content

Red Hat Ansible Automation Platform 2 6 For Rhel 9

1 CVEs product

Monthly

CVE-2026-6266 HIGH PATCH This Week

Authentication bypass in Red Hat Ansible Automation Platform 2.6 allows authenticated attackers to hijack arbitrary user accounts, including administrator accounts, via email-based identity provider linking manipulation. The AAP gateway's user auto-link feature matches external IDP identities to existing accounts by email without ownership verification, enabling account takeover when an attacker controls an IDP account with a victim's email address. Red Hat has released patch RHSA-2026:13508. EPSS and KEV data not provided, but the low attack complexity (AC:L) and high confidentiality/integrity impact make this a critical authentication control failure requiring immediate remediation in environments using external identity providers.

Authentication Bypass Red Hat Ansible Automation Platform 2 6 For Rhel 9
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Authentication bypass in Red Hat Ansible Automation Platform 2.6 allows authenticated attackers to hijack arbitrary user accounts, including administrator accounts, via email-based identity provider linking manipulation. The AAP gateway's user auto-link feature matches external IDP identities to existing accounts by email without ownership verification, enabling account takeover when an attacker controls an IDP account with a victim's email address. Red Hat has released patch RHSA-2026:13508. EPSS and KEV data not provided, but the low attack complexity (AC:L) and high confidentiality/integrity impact make this a critical authentication control failure requiring immediate remediation in environments using external identity providers.

Authentication Bypass Red Hat Ansible Automation Platform 2 6 For Rhel 9
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy