Skip to main content

Red Hat Ansible Automation Platform 2 7

1 CVEs product

Monthly

CVE-2026-44188 MEDIUM PATCH This Month

Insufficient OAuth token invalidation in Ansible Lightspeed (part of Red Hat Ansible Automation Platform 2.x) allows a remote attacker who has exfiltrated a valid access token to maintain persistent authenticated sessions even after the legitimate user has logged out. The backend fails to revoke the token server-side on logout, leaving it exploitable until natural expiration. Successful exploitation enables unauthorized read access to sensitive Ansible resources - including inventories, playbooks, and configuration data - with no public exploit or CISA KEV listing identified at time of analysis.

Information Disclosure Red Hat Ansible Automation Platform 2 7 Red Hat Ansible Automation Platform 2 Red Hat
NVD VulDB
CVSS 3.1
5.3
EPSS
0.4%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Insufficient OAuth token invalidation in Ansible Lightspeed (part of Red Hat Ansible Automation Platform 2.x) allows a remote attacker who has exfiltrated a valid access token to maintain persistent authenticated sessions even after the legitimate user has logged out. The backend fails to revoke the token server-side on logout, leaving it exploitable until natural expiration. Successful exploitation enables unauthorized read access to sensitive Ansible resources - including inventories, playbooks, and configuration data - with no public exploit or CISA KEV listing identified at time of analysis.

Information Disclosure Red Hat Ansible Automation Platform 2 7 Red Hat Ansible Automation Platform 2 +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy